CVE-2022-50726: Use After Free in Linux

CWE-416 (Use After Free), 7 documents, 6 sources

Severity: 6.2 MEDIUM (no vector)
EPSS: 0.0% (top 92.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix possible use-after-free in async command interface

mlx5_cmd_cleanup_async_ctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5_cmd_cleanup_async_ctx and mlx5_cmd_exec_cb_handler was possible and led to a use-after-free:

1. mlx5_cmd_cleanup_async_ctx is called while num_inflight is 2 (i.e. elevated by 1, a single inflight callback).
2. mlx5_cmd_cle

Affected Packages (4 packages)

Linux: linux/linux_kernel 5.1.0 5.4.223 (+3)
Debian: linux/linux_kernel < 5.10.158-1 (+3)
CVEListV5: linux/linux e355477ed9e4f401e3931043df97325d38552d54 69dd3ad406c49aa69ce4852c15231ac56af8caf9 (+5)
debian: debian/linux < linux 6.0.7-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA: GHSA-gjhx-8fr4-rcc6: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5_cmd_cleanu (2025-12-24)
OSV: net/mlx5: Fix possible use-after-free in async command interface (2025-12-24)
OSV: CVE-2022-50726: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5_cmd_cleanup_ (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: net/mlx5: Fix possible use-after-free in async command interface (2025-12-24)
Debian: CVE-2022-50726: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: F... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50726 Impact, Exploitability, and Mitigation Steps | Wiz