Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug. We should delete the call to nouveau_bo_ref() to avoid the use-after-free.

INFO

Published Date :

2025-10-01T11:45:27.337Z

Last Modified :

2025-10-01T11:45:27.337Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-50454 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-50454.

URL Resource
https://git.kernel.org/stable/c/3aeda2fe6517cc52663d4ce3588dd43f0d4124a7 cve-icon cve-icon
https://git.kernel.org/stable/c/540dfd188ea2940582841c1c220bd035a7db0e51 cve-icon cve-icon
https://git.kernel.org/stable/c/56ee9577915dc06f55309901012a9ef68dbdb5a8 cve-icon cve-icon
https://git.kernel.org/stable/c/5d6093c49c098d86c7b136aba9922df44aeb6944 cve-icon cve-icon
https://git.kernel.org/stable/c/7d80473e9f12548ac05b36af4fb9ce80f2f73509 cve-icon cve-icon
https://git.kernel.org/stable/c/861f085f81fd569b02cc2c11165a9e6cca144424 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025100118-CVE-2022-50454-9c7d@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50454 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50454 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact