QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-49053

Back to search

CVE-2022-49053

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release(). We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release().

VendorProductVersions

Linux

Linux

affected
141685a39151aea95eb56562d2953e919c6c73da - < d7c5d79e50be6e06b669141e3db1f977a0dd4e8e
affected
141685a39151aea95eb56562d2953e919c6c73da - < e3e0e067d5b34e4a68e3cc55f8eebc413f56f8ed
affected
141685a39151aea95eb56562d2953e919c6c73da - < fb7a5115422fbd6a4d505e8844f1ef5529f10489
affected
141685a39151aea95eb56562d2953e919c6c73da - < aec36b98a1bbaa84bfd8299a306e4c12314af626
affected
141685a39151aea95eb56562d2953e919c6c73da - < b7f3b5d70c834f49f7d87a2f2ed1c6284d9a0322

+2 more versions

Linux

Linux

affected
4.12
unaffected
0 - < 4.12
unaffected
4.14.276 - <= 4.14.*
unaffected
4.19.239 - <= 4.19.*
unaffected
5.4.190 - <= 5.4.*

+4 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now