CVE-2022-50411
Published: Sep 18, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] and code inspection reveals that next_walk_state pushed to the thread by acpi_ds_create_walk_state() is freed on errors, but it is not popped from the thread beforehand. Thus acpi_ds_get_current_walk_state() called by acpi_ps_parse_aml() subsequently returns it as the new walk state which is incorrect. To address this, make acpi_ds_call_control_method() call acpi_ds_pop_walk_state() to pop next_walk_state from the thread before returning an error.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 38e251d356a01b61a86cb35213cafd7e8fe7090caffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < f520d181477ec29a496c0b3bbfbdb7e2606c2713affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 2deb42c4f9776e59bee247c14af9c5e8c05ca9a6affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 9ef353c92f9d04c88de3af1a46859c1fb76db0f8affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < b0b83d3f3ffa96e8395c56b83d6197e184902a34+4 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 4.9.337 - <= 4.9.*unaffected 4.14.303 - <= 4.14.*unaffected 4.19.270 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now