CVE-2022-50384 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

staging: vme_user: Fix possible UAF in tsi148_dma_list_add

Smatch report warning as follows:

drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn:
'&entry->list' not removed from list

In tsi148_dma_list_add(), the error path "goto err_dma" will not
remove entry->list from list->entries, but entry will be freed,
then list traversal may cause UAF.

Fix by removeing it from list->entries before free().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff
https://git.kernel.org/stable/c/357057ee55d3c99a5de5abe8150f7bca04f8e53b
https://git.kernel.org/stable/c/51c0ad3b7c5b01f9314758335a13f157b05fa56d
https://git.kernel.org/stable/c/5cc4eea715a3fcf4e516662f736dfee63979465f
https://git.kernel.org/stable/c/5d2b286eb034af114f67d9967fc3fbc1829bb712
https://git.kernel.org/stable/c/85db68fc901da52314ded80aace99f8b684c7815
https://git.kernel.org/stable/c/a45ba33d398a821147d7e5f16ead7eb125e331e2
https://git.kernel.org/stable/c/cf138759a7e92c75cfc1b7ba705e4108fe330edf
https://git.kernel.org/stable/c/e6b0adff99edf246ba1f8d464530a0438cb1cbda

History

Thu, 18 Sep 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free().
Title		staging: vme_user: Fix possible UAF in tsi148_dma_list_add
References		https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff https://git.kernel.org/stable/c/357057ee55d3c99a5de5abe8150f7bca04f8e53b https://git.kernel.org/stable/c/51c0ad3b7c5b01f9314758335a13f157b05fa56d https://git.kernel.org/stable/c/5cc4eea715a3fcf4e516662f736dfee63979465f https://git.kernel.org/stable/c/5d2b286eb034af114f67d9967fc3fbc1829bb712 https://git.kernel.org/stable/c/85db68fc901da52314ded80aace99f8b684c7815 https://git.kernel.org/stable/c/a45ba33d398a821147d7e5f16ead7eb125e331e2 https://git.kernel.org/stable/c/cf138759a7e92c75cfc1b7ba705e4108fe330edf https://git.kernel.org/stable/c/e6b0adff99edf246ba1f8d464530a0438cb1cbda

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-18T13:33:05.759Z

Updated: 2025-09-18T13:33:05.759Z

Reserved: 2025-09-17T14:53:06.997Z

Link: CVE-2022-50384

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-09-18T14:15:37.230

Modified: 2025-09-18T14:15:37.230

Link: CVE-2022-50384

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object