CVE-2022-50092
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-18
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free bug in the Linux kernel's device mapper thin provisioning code (dm thin). It occurs when a metadata commit fails for a thin-pool device, causing the transaction to abort and metadata space maps to be destroyed. If the device mapper table is then reloaded for this failed thin-pool, a use-after-free happens in the function dm_sm_register_threshold_callback, which can lead to a kernel crash. The issue is fixed by checking if the thin-pool is in fail mode and returning an error to prevent the use-after-free.
How can this vulnerability impact me?
This vulnerability can cause a kernel crash (use-after-free) when managing thin-provisioned storage pools in Linux. This can lead to system instability or denial of service if exploited, potentially disrupting services or applications relying on the affected storage.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing a use-after-free crash related to dmsetup and dm_pool_register_metadata_threshold in the Linux kernel. The crash may produce KASAN BUG reports with messages like 'use-after-free in dm_pool_register_metadata_threshold'. The provided reproduction commands include:

1. echo offline > /sys/block/sda/device/state
2. dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10
3. dmsetup load pool --table "0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0"

Monitoring kernel logs (e.g., dmesg) for such KASAN reports and running these commands in a controlled environment can help detect the vulnerability.
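A defensive check built on the detection advice above, as an added example that is not from the advisory or the kernel source: it flags thin-pools whose `dmsetup status` line is just `Fail` (the failed state in which a table reload triggers the bug) and counts kernel log lines carrying the KASAN signature. The function names are hypothetical and the sample status and log lines are constructed.

```shell
#!/bin/sh
# Added example: triage for CVE-2022-50092 exposure on a running host.

# Read `dmsetup status` text on stdin; print names of thin-pools in Fail mode.
# Assumes "name: start length target status..." lines and names without spaces.
failed_thin_pools() {
    awk '$4 == "thin-pool" && $5 == "Fail" { sub(/:$/, "", $1); print $1 }'
}

# Read kernel log text on stdin; print how many lines carry the KASAN signature.
kasan_uaf_hits() {
    grep -cF 'use-after-free in dm_pool_register_metadata_threshold' || true
}

# $1 = dmsetup status text, $2 = kernel log text.
# Returns 0 only when no failed pool and no KASAN report is found.
report() {
    failed=$(printf '%s\n' "$1" | failed_thin_pools)
    hits=$(printf '%s\n' "$2" | kasan_uaf_hits)
    for p in $failed; do
        echo "HOLD: thin-pool '$p' is in Fail mode; do not reload its table on an unpatched kernel"
    done
    echo "KASAN reports matching this CVE: $hits"
    [ -z "$failed" ] && [ "$hits" -eq 0 ]
}

# Constructed sample input (not captured from a real system).
SAMPLE_STATUS='pool: 0 20971520 thin-pool Fail
pool2: 0 20971520 thin-pool 1 12/4096 10/163840 - rw discard_passdown queue_if_no_space - 1024
thin: 0 2097152 thin 20480 2097151'
SAMPLE_LOG='[  101.000000] sd 0:0:0:0: rejecting I/O to offline device
[  130.000000] BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80
[  130.000100] Read of size 8 at addr ffff888000000000 by task dmsetup/1234'

# Demo on the samples. On a live host (as root) call instead:
#   report "$(dmsetup status --target thin-pool)" "$(dmesg)"
report "$SAMPLE_STATUS" "$SAMPLE_LOG" || true
```

A non-zero return from `report` means a failed pool or a matching KASAN report was found, so the script can gate a maintenance job that would otherwise reload thin-pool tables.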
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that the Linux kernel is updated to a version where this vulnerability is fixed. The fix involves returning an error (-EINVAL) if the thin-pool is in fail mode during dm_pool_register_metadata_threshold(), preventing the use-after-free. Until the patch is applied, avoid operations that cause metadata commit failures and DM table reloads on thin-pools, as these trigger the vulnerability.