CVE-2022-50411

HIGH EPSS 4.7%
Published Sep 18, 20259mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Sep 18, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns it as the new walk state which is incorrect. To address this, make acpi_ds_call_control_method() call acpi_ds_pop_walk_state() to pop next_walk_state from the thread before returning an error.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel* <4.9.337
linuxlinux_kernel*≥4.10  –  <4.14.303
linuxlinux_kernel*≥4.15  –  <4.19.270
linuxlinux_kernel*≥4.20  –  <5.4.229
linuxlinux_kernel*≥5.5  –  <5.10.163
linuxlinux_kernel*≥5.11  –  <5.15.86
linuxlinux_kernel*≥5.16  –  <6.0.16
linuxlinux_kernel*≥6.1  –  <6.1.2

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0462fec709d51762ba486245bc344f44cc6cfa97
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2deb42c4f9776e59bee247c14af9c5e8c05ca9a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/38e251d356a01b61a86cb35213cafd7e8fe7090c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/404ec60438add1afadaffaed34bb5fe4ddcadd40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5777432ebaaf797e24f059979b42df3139967163
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/799881db3e03b5e98fe6a900d9d7de8c7d61e7ee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ef353c92f9d04c88de3af1a46859c1fb76db0f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0b83d3f3ffa96e8395c56b83d6197e184902a34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f520d181477ec29a496c0b3bbfbdb7e2606c2713
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0462fec709d51762ba486245bc344f44cc6cfa97
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2deb42c4f9776e59bee247c14af9c5e8c05ca9a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/38e251d356a01b61a86cb35213cafd7e8fe7090c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/404ec60438add1afadaffaed34bb5fe4ddcadd40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5777432ebaaf797e24f059979b42df3139967163
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/799881db3e03b5e98fe6a900d9d7de8c7d61e7ee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ef353c92f9d04c88de3af1a46859c1fb76db0f8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0b83d3f3ffa96e8395c56b83d6197e184902a34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f520d181477ec29a496c0b3bbfbdb7e2606c2713
    Patch