DEBIAN-CVE-2022-50422
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50422
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50422.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50422
- Upstream
- Published
- 2025-10-01T12:15:33Z
- Modified
- 2025-10-02T09:15:43.166110Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg() When executing SMP task failed, the smpexecutetasksg() calls deltimer() to delete "slowtask->timer". However, if the timer handler sastaskinternaltimedout() is running, the deltimer() in smpexecutetasksg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smpexecutetasksg() | sastaskinternaltimedout() ... | deltimer() | ... | ... sasfreetask(task) | kfree(task->slowtask) //FREE| | task->slowtask->... //USE Fix by calling deltimersync() in smpexecutetasksg(), which makes sure the timer handler have finished before the "task->slowtask" is deallocated.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.158-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source