CVE-2022-50476Missing Release of Memory after Effective Lifetime in Linux

CWE-401Missing Release of Memory after Effective LifetimeCWE-763Release of Invalid Pointer or Reference5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: ntb_netdev: Use dev_kfree_skb_any() in interrupt context TX/RX callback handlers (ntb_netdev_tx_handler(), ntb_netdev_rx_handler()) can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such, any calls by these routines to free skb's, should use the interrupt context safe dev_kfree_skb_any() function. Previously, these callback handlers would call the interrupt unsafe v

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel3.94.9.337+7
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux548c237c0a9972df5d1afaca38aa733ee577128dd4460c82177899751975180c268f352893302221+9
debiandebian/linux< linux 6.1.4-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50476: In the Linux kernel, the following vulnerability has been resolved: ntb_netdev: Use dev_kfree_skb_any() in interrupt context TX/RX callback handlers (2025-10-04
GHSA
GHSA-gh9q-398w-69gx: In the Linux kernel, the following vulnerability has been resolved: ntb_netdev: Use dev_kfree_skb_any() in interrupt context TX/RX callback handlers2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: ntb_netdev: Use dev_kfree_skb_any() in interrupt context2025-10-04
Debian
CVE-2022-50476: linux - In the Linux kernel, the following vulnerability has been resolved: ntb_netdev:...2022