CVE-2022-50677 — Expired Pointer Dereference in Linux

CWE-825 — Expired Pointer Dereference6 documents5 sources

Severity

4.7MEDIUM

No vector

EPSS

0.0%

top 85.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedDec 9

Description

In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line.

Affected Packages4 packages

▶Linuxlinux/linux_kernel4.20.0 — 5.4.229+5

▶Debianlinux/linux_kernel< 5.10.178-1+3

▶CVEListV5linux/linuxf9d405a4bd6090ffbf3bba5e2da6b44c0e013cb3 — 35ad87bfe330f7ef6a19f772223c63296d643172+7

▶debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-chf6-hvqj-hp2j: In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees↗2025-12-09

▶

OSV

CVE-2022-50677: In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees th↗2025-12-09

▶

OSV

ipmi: fix use after free in _ipmi_destroy_user()↗2025-12-09

▶

📋Vendor Advisories

Red Hat

kernel: ipmi: fix use after free in _ipmi_destroy_user()↗2025-12-09

▶

Debian

CVE-2022-50677: linux - In the Linux kernel, the following vulnerability has been resolved: ipmi: fix u...↗2022

▶