CVE-2022-50563: Use After Free in Linux

CWE-416: Use After Free (6 documents, 5 sources)
Severity: 4.4 MEDIUM (no vector)
EPSS: 0.1% (top 80.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22

Description

In the Linux kernel, the following vulnerability has been resolved:

dm thin: Fix UAF in run_timer_softirq()

When dm_resume() and dm_destroy() are concurrent, it will lead to UAF, as follows:

BUG: KASAN: use-after-free in __run_timers+0x173/0x710
Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0
Call Trace:
dump_stack_lvl+0x73/0x9f
print_report.cold+0x132/0xaa2
_raw_spin_lock_irqsave+0xcd/0x160
__run_timers+0x173/0x710
kasan_report+0xad/0x110
__run_timers+0x173/0x710
__asan_store8

Affected Packages (4 packages)

Linux: linux/linux_kernel, 3.2.0, 4.9.337, +7
Debian: linux/linux_kernel, < 5.10.178-1, +3
CVEListV5: linux/linux, 991d9fa02da0dd1f843dc011376965e0c8c6c9b5, 7ee059d06a5d3c15465959e0472993e80fbe4e81, +9
debian: debian/linux, < linux 6.1.4-1 (bookworm)

Vulnerability Details (3)

OSV (2025-10-22): dm thin: Fix UAF in run_timer_softirq()
GHSA (2025-10-22): GHSA-9g9c-838j-m3cg: In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume() and dm_destroy() are co
OSV (2025-10-22): CVE-2022-50563: In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume() and dm_destroy() are conc

Vendor Advisories (2)

Red Hat (2025-10-22): kernel: dm thin: Fix UAF in run_timer_softirq()
Debian (2022): CVE-2022-50563: linux - In the Linux kernel, the following vulnerability has been resolved: dm thin: Fi...