CVE-2022-50840
Unknown Unknown - Not Provided

Use-After-Free Vulnerability in Linux Kernel SCSI snic Driver

Vulnerability report for CVE-2022-50840, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in snic_tgt_create(), tgt will be freed, but tgt->list will not be removed from snic->disc.tgt_list, then list traversal may cause UAF. Remove from snic->disc.tgt_list before free().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-07-06
AI Q&A
2025-12-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free (UAF) issue in the Linux kernel's SCSI driver 'snic'. Specifically, if the function device_add() fails during the execution of snic_tgt_create(), the target object (tgt) is freed but its list entry is not removed from the target list. This can lead to list traversal accessing freed memory, causing potential instability or crashes.

Impact Analysis

The vulnerability can cause the Linux kernel to access freed memory, which may lead to system instability, crashes, or potential exploitation by attackers to execute arbitrary code or cause denial of service.

Mitigation Strategies

Apply the updated Linux kernel patch that fixes the use-after-free (UAF) issue in the snic_tgt_create() function by ensuring that the target is properly removed from the snic->disc.tgt_list before being freed. This prevents list traversal from causing UAF. Until patched, avoid using vulnerable kernel versions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50840. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart