CVE-2022-49053

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49053

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49053.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49053

Downstream

DEBIAN-CVE-2022-49053

OESA-2025-1336

SUSE-SU-2025:03124-1

SUSE-SU-2025:03126-1

SUSE-SU-2025:03129-1

SUSE-SU-2025:03130-1

SUSE-SU-2025:03156-1

SUSE-SU-2025:03160-1

SUSE-SU-2025:03180-1

SUSE-SU-2025:03181-1

SUSE-SU-2025:03185-1

SUSE-SU-2025:03186-1

SUSE-SU-2025:03190-1

SUSE-SU-2025:03191-1

SUSE-SU-2025:03194-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1195-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

UBUNTU-CVE-2022-49053

Related

Published

2025-02-26T07:00:42Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcmu: Fix possible page UAF

tcmutrygetdatapage() looks up pages under cmdrlock, but it does not take refcount properly and just returns page pointer. When tcmutrygetdatapage() returns, the returned page may have been freed by tcmublocks_release().

We need to getpage() under cmdrlock to avoid concurrent tcmublocksrelease().

References

Affected packages