DEBIAN-CVE-2022-50421

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2022-50421

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50421.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50421

Upstream

CVE-2022-50421

Published

2025-10-01T12:15:33Z

Modified

2025-10-02T09:01:18Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsgdevremove() in rpmsgcore is the place for releasing this default endpoint. So need to avoid destroying the default endpoint in rpmsgchrdeveptdevdestroy(), this should be the same as rpmsgeptdevrelease(). Otherwise there will be double destroy issue that ept->refcount report warning: refcountt: underflow; use-after-free. Call trace: refcountwarnsaturate+0xf8/0x150 virtiorpmsgdestroyept+0xd4/0xec rpmsgdevremove+0x60/0x70 The issue can be reproduced by stopping remoteproc before closing the /dev/rpmsgX.

References

https://security-tracker.debian.org/tracker/CVE-2022-50421

Affected packages

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}