CVE-2022-50421 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-50421 PUBLISHED CVSS 7.8 HIGH

Reported by Linux · Published October 1, 2025

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsg_dev_remove() in rpmsg_core is the place for releasing this default endpoint. So need to avoid destroying the default endpoint in rpmsg_chrdev_eptdev_destroy(), this should be the same as rpmsg_eptdev_release(). Otherwise there will be double destroy issue that ept->refcount report warning: refcount_t: underflow; use-after-free. Call trace: refcount_warn_saturate+0xf8/0x150 virtio_rpmsg_destroy_ept+0xd4/0xec rpmsg_dev_remove+0x60/0x70 The issue can be reproduced by stopping remoteproc before closing the /dev/rpmsgX.

Risk Scores

CVSS v3.1

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Linux	Linux	bea9b79c2d10fecf7bfa26e212ecefe61d232e39, bea9b79c2d10fecf7bfa26e212ecefe61d232e39, bea9b79c2d10fecf7bfa26e212ecefe61d232e39
Linux	Linux	5.18, 0, 5.19.17
linux	linux_kernel	5.18, 5.18, 5.18
Linux	Linux	6.1, bea9b79c2d10fecf7bfa26e212ecefe61d232e39, bea9b79c2d10fecf7bfa26e212ecefe61d232e39

Timeline

Oct 1, 2025 EPSS Score
Oct 1, 2025 CVE Published
Oct 7, 2025 EPSS Score
Oct 13, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 31, 2025 EPSS Score
Nov 6, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 18, 2025 EPSS Score
Nov 24, 2025 EPSS Score
Nov 30, 2025 EPSS Score

References

Open in Interactive Console →