VDB

CVE-2022-50245

CVE-2022-50245 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible UAF when kfifo_alloc() fails If kfifo_alloc() fails in mport_cdev_open(), goto err_fifo and just free priv. But priv is still in the chdev->file_list, then list traversal may cause UAF. This fixes the following smatch warning: drivers/rapidio/devices/rio_mport_cdev.c:1930 mport_cdev_open() warn: '&priv->list' not removed from list

EPSS 0.02% · 5.9th percentile

Risk Scores

EPSS Score
0.02%
5.9th percentile

Affected Products

VendorProductVersions
LinuxLinuxe8de370188d098bb49483c287b44925957c3c9b6, e8de370188d098bb49483c287b44925957c3c9b6, e8de370188d098bb49483c287b44925957c3c9b6
LinuxLinux4.6, 0, 4.9.337
LinuxLinux6.2, e8de370188d098bb49483c287b44925957c3c9b6, e8de370188d098bb49483c287b44925957c3c9b6
linuxlinux_kernel4.6, 4.6, 4.6

Timeline

  • Sep 15, 2025 CVE Published
  • Sep 16, 2025 EPSS Score
  • Sep 23, 2025 EPSS Score
  • Sep 30, 2025 EPSS Score
  • Oct 7, 2025 EPSS Score
  • Oct 15, 2025 EPSS Score
  • Oct 22, 2025 EPSS Score
  • Oct 29, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score
  • Nov 12, 2025 EPSS Score
  • Nov 19, 2025 EPSS Score
  • Nov 24, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›