{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50873", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-30T12:06:07.136Z", "datePublished": "2025-12-30T12:15:42.705Z", "dateUpdated": "2025-12-30T12:15:42.705Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-30T12:15:42.705Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove\n\nIn vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses\na reference of pointer as the argument of kfree, which is the wrong pointer\nand then may hit crash like this:\n\nUnable to handle kernel paging request at virtual address 00ffff003363e30c\nInternal error: Oops: 96000004 [#1] SMP\nCall trace:\n rb_next+0x20/0x5c\n ext4_readdir+0x494/0x5c4 [ext4]\n iterate_dir+0x168/0x1b4\n __se_sys_getdents64+0x68/0x170\n __arm64_sys_getdents64+0x24/0x30\n el0_svc_common.constprop.0+0x7c/0x1bc\n do_el0_svc+0x2c/0x94\n el0_svc+0x20/0x30\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x160/0x180\nCode: 54000220 f9400441 b4000161 aa0103e0 (f9400821)\nSMP: stopping secondary CPUs\nStarting crashdump kernel..."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/virtio_pci/vp_vdpa.c"], "versions": [{"version": "ffbda8e9df10d1784d5427ec199e7d8308e3763f", "lessThan": "8fe12680b2c731201519935013ec9219c93ec540", "status": "affected", "versionType": "git"}, {"version": "ffbda8e9df10d1784d5427ec199e7d8308e3763f", "lessThan": "6ccc891f36d0c20ee220551caabdcd3886ec584b", "status": "affected", "versionType": "git"}, {"version": "ffbda8e9df10d1784d5427ec199e7d8308e3763f", "lessThan": "ed843d6ed7310a27cf7c8ee0a82a482eed0cb4a6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/vdpa/virtio_pci/vp_vdpa.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.19", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.5", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.0.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8fe12680b2c731201519935013ec9219c93ec540"}, {"url": "https://git.kernel.org/stable/c/6ccc891f36d0c20ee220551caabdcd3886ec584b"}, {"url": "https://git.kernel.org/stable/c/ed843d6ed7310a27cf7c8ee0a82a482eed0cb4a6"}], "title": "vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove\n\nIn vp_vdpa_remove(), the code kfree(&vp_vdpa_mgtdev->mgtdev.id_table) uses\na reference of pointer as the argument of kfree, which is the wrong pointer\nand then may hit crash like this:\n\nUnable to handle kernel paging request at virtual address 00ffff003363e30c\nInternal error: Oops: 96000004 [#1] SMP\nCall trace:\n rb_next+0x20/0x5c\n ext4_readdir+0x494/0x5c4 [ext4]\n iterate_dir+0x168/0x1b4\n __se_sys_getdents64+0x68/0x170\n __arm64_sys_getdents64+0x24/0x30\n el0_svc_common.constprop.0+0x7c/0x1bc\n do_el0_svc+0x2c/0x94\n el0_svc+0x20/0x30\n el0_sync_handler+0xb0/0xb4\n el0_sync+0x160/0x180\nCode: 54000220 f9400441 b4000161 aa0103e0 (f9400821)\nSMP: stopping secondary CPUs\nStarting crashdump kernel..."}], "id": "CVE-2022-50873", "lastModified": "2025-12-30T13:16:02.263", "metrics": {}, "published": "2025-12-30T13:16:02.263", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ccc891f36d0c20ee220551caabdcd3886ec584b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8fe12680b2c731201519935013ec9219c93ec540"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed843d6ed7310a27cf7c8ee0a82a482eed0cb4a6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}