CVE-2022-50697Signal Handler Race Condition in Linux

CWE-364Signal Handler Race Condition7 documents6 sources
Severity
4.7MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del_timer_sync must prevent restarting of the timer, If we have no this synchronization, there is a small probability that the cancellation will not be successful. And syzbot report the fellowing crash: BUG: KASAN: use-after-free in hlist_add_head include/linux/list.h:929 [inline] BUG: KASAN: use-after-free in enqueue_timer+0x18/0xa4 kernel/time/ti

Affected Packages4 packages

Linuxlinux/linux_kernel3.9.04.9.337+7
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxfebf018d22347b5df94066bca05d0c11a84e839d98f53e591940e4c3818be358c5dc684d5b30cb56+9
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2022-50697: In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of del2025-12-24
OSV
mrp: introduce active flags to prevent UAF when applicant uninit2025-12-24
GHSA
GHSA-9xfq-qg8q-q648: In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of d2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Use-after-free in mrp module leads to denial of service2025-12-24
Debian
CVE-2022-50697: linux - In the Linux kernel, the following vulnerability has been resolved: mrp: introd...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50697 Impact, Exploitability, and Mitigation Steps | Wiz