CVE-2022-50129

Severity: High (CVSS 3.1: 7.8)
EPSS: 5.5%
Published: Jun 18, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/srpt: Fix a use-after-free

Change the LIO port members inside struct srpt_port from regular members into pointers. Allocate the LIO port data structures from inside srpt_make_tport() and free these from inside srpt_make_tport(). Keep struct srpt_device as long as either an RDMA port or a LIO target port is associated with it. This patch decouples the lifetime of struct srpt_port (controlled by the RDMA core) and struct srpt_port_id (controlled by LIO).

This patch fixes the following KASAN complaint:

    BUG: KASAN: use-after-free in srpt_enable_tpg+0x31/0x70 [ib_srpt]
    Read of size 8 at addr ffff888141cc34b8 by task check/5093

    Call Trace:
     <TASK>
     show_stack+0x4e/0x53
     dump_stack_lvl+0x51/0x66
     print_address_description.constprop.0.cold+0xea/0x41e
     print_report.cold+0x90/0x205
     kasan_report+0xb9/0xf0
     __asan_load8+0x69/0x90
     srpt_enable_tpg+0x31/0x70 [ib_srpt]
     target_fabric_tpg_base_enable_store+0xe2/0x140 [target_core_mod]
     configfs_write_iter+0x18b/0x210
     new_sync_write+0x1f2/0x2f0
     vfs_write+0x3e3/0x540
     ksys_write+0xbb/0x140
     __x64_sys_write+0x42/0x50
     do_syscall_64+0x34/0x80
     entry_SYSCALL_64_after_hwframe+0x46/0xb0
     </TASK>

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 5.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 4

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.3 – <5.10.137
linux   linux_kernel  *        ≥5.11 – <5.15.61
linux   linux_kernel  *        ≥5.16 – <5.18.18
linux   linux_kernel  *        ≥5.19 – <5.19.2
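
A triage check built from the ranges above and the ib_srpt module named in the KASAN trace. This is an added example, not part of the advisory or the kernel patch; the function names are hypothetical. It compares upstream version numbers only, so a distribution kernel that backported the fix under an older version string will still be reported as affected.

```python
import re

# Affected upstream ranges from the table above: (first affected, first fixed).
AFFECTED = [
    ((3, 3, 0), (5, 10, 137)),
    ((5, 11, 0), (5, 15, 61)),
    ((5, 16, 0), (5, 18, 18)),
    ((5, 19, 0), (5, 19, 2)),
]

def parse_release(release):
    """Turn a `uname -r` string such as '5.15.60-generic' into (5, 15, 60)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def fixed_in(release):
    """Return the first fixed release of the matching range, or None."""
    ver = parse_release(release)
    for start, fixed in AFFECTED:
        if start <= ver < fixed:
            return ".".join(map(str, fixed))
    return None

def srpt_loaded(proc_modules_text):
    """True if ib_srpt is listed as a loaded module (first column only).
    A built-in, non-modular ib_srpt would not appear in /proc/modules."""
    return any(line.split()[:1] == ["ib_srpt"]
               for line in proc_modules_text.splitlines())

def assess(release, proc_modules_text):
    fix = fixed_in(release)
    if fix is None:
        return "not in an affected upstream range"
    if not srpt_loaded(proc_modules_text):
        return f"affected version (fixed in {fix}), ib_srpt not loaded"
    return f"affected version (fixed in {fix}) and ib_srpt loaded"

if __name__ == "__main__":
    import platform
    try:
        with open("/proc/modules") as fh:
            modules = fh.read()
    except OSError:
        modules = ""  # non-Linux host or unreadable procfs
    print(assess(platform.release(), modules))
```
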

References 5

  • git.kernel.org https://git.kernel.org/stable/c/388326bb1c32fcd09371c1d494af71471ef3a04b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ee8c39968a648d58b273582d4b021044a41ee5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5605148e6ce36bb21020d49010b617693933128
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de95b52d9aabc979166aba81ccbe623aaf9c16a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e60d7e2462bf57273563c4e00dbfa79ee973b9e2
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/388326bb1c32fcd09371c1d494af71471ef3a04b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ee8c39968a648d58b273582d4b021044a41ee5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b5605148e6ce36bb21020d49010b617693933128
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/de95b52d9aabc979166aba81ccbe623aaf9c16a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e60d7e2462bf57273563c4e00dbfa79ee973b9e2
    Patch