CVE-2022-50454

HIGH EPSS 4.6%
Published Oct 1, 20259mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Oct 1, 2025 9mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug. We should delete the call to nouveau_bo_ref() to avoid the use-after-free.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
4.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥5.4  –  <5.4.220
linuxlinux_kernel*≥5.5  –  <5.10.150
linuxlinux_kernel*≥5.11  –  <5.15.75
linuxlinux_kernel*≥5.16  –  <5.19.17
linuxlinux_kernel*≥6.0  –  <6.0.3

References 6

  • git.kernel.org https://git.kernel.org/stable/c/3aeda2fe6517cc52663d4ce3588dd43f0d4124a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/540dfd188ea2940582841c1c220bd035a7db0e51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/56ee9577915dc06f55309901012a9ef68dbdb5a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d6093c49c098d86c7b136aba9922df44aeb6944
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d80473e9f12548ac05b36af4fb9ce80f2f73509
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/861f085f81fd569b02cc2c11165a9e6cca144424
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3aeda2fe6517cc52663d4ce3588dd43f0d4124a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/540dfd188ea2940582841c1c220bd035a7db0e51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/56ee9577915dc06f55309901012a9ef68dbdb5a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5d6093c49c098d86c7b136aba9922df44aeb6944
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7d80473e9f12548ac05b36af4fb9ce80f2f73509
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/861f085f81fd569b02cc2c11165a9e6cca144424
    Patch