CVE-2022-50785
Use-After-Free Vulnerability in Linux Kernel fsi:occ Component
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves a use-after-free issue in the fsi: occ component. It occurs because the device can be freed while a file descriptor is still open. The fix involves using get_device and put_device in the open and close functions to ensure the device is not freed prematurely, and adding locking around the freeing of the device buffer as well as checking the buffer before using it in the submit function.
How can this vulnerability impact me? :
The use-after-free vulnerability could lead to undefined behavior such as system crashes, data corruption, or potential escalation of privileges if exploited, as it involves accessing memory that has already been freed while a file descriptor remains open.
What immediate steps should I take to mitigate this vulnerability?
Apply the updated Linux kernel patch that includes the fix for this vulnerability, which involves using get_device and put_device in the open and close functions and adding proper locking around device buffer freeing. Until the patch is applied, avoid using vulnerable kernel versions and monitor for updates from your Linux distribution.