CVE-2022-50417

HIGH EPSS 4.5%
Published Sep 18, 20259mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Sep 18, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a use-after-free. Additionally if the call to panfrost_gem_mapping_get() in panfrost_ioctl_create_bo() failed then a(nother) reference on the BO was dropped. The _create_with_handle() is a problematic pattern, so ditch it and instead create the handle in panfrost_ioctl_create_bo(). If the call to panfrost_gem_mapping_get() fails then this means that user space has indeed gone behind our back and freed the handle. In which case just return an error code.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.10.163
linuxlinux_kernel*≥5.11  –  <5.15.87
linuxlinux_kernel*≥5.16  –  <6.0.19
linuxlinux_kernel*≥6.1  –  <6.1.5
linuxlinux_kernel6.2any
linuxlinux_kernel6.2any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0b70f6ea4d4f2b4d4b291d86ab76b4d07394932c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f9feffa8a5ab08b4e298a27b1aa7204a7d42ca2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4217c6ac817451d5116687f3cc6286220dc43d49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f1105ee72d8c7c35d90e3491b31b2d9d6b7e33a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba3d2c2380e7129b525a787489c0b7e819a3b898
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0b70f6ea4d4f2b4d4b291d86ab76b4d07394932c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3f9feffa8a5ab08b4e298a27b1aa7204a7d42ca2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4217c6ac817451d5116687f3cc6286220dc43d49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f1105ee72d8c7c35d90e3491b31b2d9d6b7e33a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ba3d2c2380e7129b525a787489c0b7e819a3b898
    Patch