CVE-2022-50454Use After Free in Linux

CWE-416Use After Free5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 96.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 1

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug. We shoul

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

NVDlinux/linux_kernel5.45.4.220+4
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linux019cbd4a4feb3aa3a917d78e7110e3011bbff6d556ee9577915dc06f55309901012a9ef68dbdb5a8+6
debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50454: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_b2025-10-01
GHSA
GHSA-w7xv-cpcr-3q3h: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau2025-10-01

📋Vendor Advisories

2
Red Hat
kernel: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()2025-10-01
Debian
CVE-2022-50454: linux - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau...2022