CVE-2022-50423Use After Free in Linux

CWE-416Use After FreeCWE-763Release of Invalid Pointer or Reference5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111 CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), Call Trace: kasan_report+0xae/0xe0 acpi_ut_remove_reference+0x3b/0x82 acpi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel3.10.553.11+10
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux8aa5e56eeb61a099ea6519eb30ee399e1bc043ce133462d35dae95edb944af86b986d4c9dec59bd1+13
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50423: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an use-2025-10-01
GHSA
GHSA-mrmc-2f6j-hcp2: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() There is an us2025-10-01

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Information disclosure and denial of service via use-after-free in ACPI subsystem2025-10-01
Debian
CVE-2022-50423: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix...2022