CVE-2022-50873: Free of Memory not on the Heap in Linux

Severity: 6.2 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove

In vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses a reference of pointer as the argument of kfree, which is the wrong pointer and then may hit crash like this:

Unable to handle kernel paging request at virtual address 00ffff003363e30c
Internal error: Oops: 96000004 [#1] SMP
Call trace:
 rb_next+0x20/0x5c
 ext4_readdir+0x494/0x5c4 [ext4]
 iterate_d
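The pointer mix-up in the description, modelled in user space as an added example (not kernel code and not part of the advisory). The struct layout and the names tracked_alloc, tracked_free, probe, remove_buggy and remove_fixed are simplified assumptions; a small allocation registry stands in for the kernel allocator so the wrong pointer is rejected instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the driver's structures (assumed layout). */
struct id_entry { unsigned device, vendor; };
struct mgmt_dev { void *device; struct id_entry *id_table; };
struct vp_mgmt  { struct mgmt_dev mgtdev; };

/* Tiny allocation registry: remembers every pointer handed out. */
#define MAX_LIVE 8
static void *live[MAX_LIVE];

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                      /* registry full or calloc failed */
    return NULL;
}

/* Frees p only if it is exactly a pointer returned by tracked_alloc().
 * Returns 0 on success, -1 for a pointer the allocator never handed out. */
static int tracked_free(const void *p) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] && live[i] == p) { free(live[i]); live[i] = NULL; return 0; }
    return -1;
}

static struct vp_mgmt *probe(void) {
    struct vp_mgmt *m = tracked_alloc(sizeof *m);
    if (!m) return NULL;
    m->mgtdev.id_table = tracked_alloc(2 * sizeof(struct id_entry));
    if (!m->mgtdev.id_table) { tracked_free(m); return NULL; }
    return m;
}

/* Pattern from the description: address OF the member, an interior pointer. */
static int remove_buggy(struct vp_mgmt *m) { return tracked_free(&m->mgtdev.id_table); }

/* Corrected pattern: the VALUE stored in the member, i.e. the allocation. */
static int remove_fixed(struct vp_mgmt *m) { return tracked_free(m->mgtdev.id_table); }

int main(void) {
    struct vp_mgmt *m = probe();
    if (!m) return 1;
    printf("buggy: %d\n", remove_buggy(m));
    printf("fixed: %d\n", remove_fixed(m));
    return tracked_free(m);
}
```

The address of the member lies inside the enclosing structure, so it never matches an allocation start; only the value stored in the member does.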

Affected Packages (4 packages)

Linux | linux/linux_kernel | 5.19.0 | 6.0.19 | +1
Debian | linux/linux_kernel | < 6.1.7-1 | +2
CVEListV5 | linux/linux | ffbda8e9df10d1784d5427ec199e7d8308e3763f | 8fe12680b2c731201519935013ec9219c93ec540 | +3
debian | debian/linux | < linux 6.1.7-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (2025-12-30)
GHSA: GHSA-39pj-4mfg-vcvw: In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), t (2025-12-30)
OSV: CVE-2022-50873: In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove In vp_vdpa_remove(), the (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (2025-12-30)
Debian: CVE-2022-50873: linux - In the Linux kernel, the following vulnerability has been resolved: vdpa/vp_vdp... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50873 Impact, Exploitability, and Mitigation Steps | Wiz