CVE-2022-50288: Use After Free in Linux

CWE-416: Use After Free | 5 documents | 5 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 95.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 15

Description

In the Linux kernel, the following vulnerability has been resolved:

qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure

adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point.

Propagate errors from qlcnic_dcb_en

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

Source | Package | Affected versions
NVD | linux/linux_kernel | 3.14, 4.14.303 (+7)
Debian | linux/linux_kernel | < 5.10.178-1 (+3)
CVEListV5 | linux/linux | 3c44bba1d270cb1620b4fe76786d0968118cb86b, 36999236f0b12d5de21a6f40e93b570727b9ceb2 (+8)
debian | debian/linux | < linux 6.1.7-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA (2025-09-15)
GHSA-rqx9-pg4r-6qm3: In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb

OSV (2025-09-15)
CVE-2022-50288: In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb w

📋 Vendor Advisories (2)

Red Hat (2025-09-15)
kernel: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure

Debian (2022)
CVE-2022-50288: linux - In the Linux kernel, the following vulnerability has been resolved: qlcnic: pre...