CVE-2022-50471Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized (PV) Xen domains: * User process sets up a gntdev mapping composed of two grant mappings (i.e., two pages shared by another Xen domain). * User process munmap()s one of the pages. * User process munmap()s the remaining page. * User process exits. In the scenario above, the us

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel2.6.385.10.152+3
Debianlinux/linux_kernel< 5.10.158-1+3
CVEListV5linux/linuxab31523c2fcac557226bac72cbdf5fafe01f9a263c6a888e352283a14f37b9b433cd598a1a3a7dd0+5
debiandebian/linux< linux 6.0.3-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-4phv-whx6-wqqc: In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver co2025-10-04
OSV
CVE-2022-50471: In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: xen/gntdev: Accommodate VMA splitting2025-10-04
Debian
CVE-2022-50471: linux - In the Linux kernel, the following vulnerability has been resolved: xen/gntdev:...2022