CVE-2022-50454
Published: Oct 1, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug. We should delete the call to nouveau_bo_ref() to avoid the use-after-free.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 56ee9577915dc06f55309901012a9ef68dbdb5a8affected 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 5d6093c49c098d86c7b136aba9922df44aeb6944affected 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 861f085f81fd569b02cc2c11165a9e6cca144424affected 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 3aeda2fe6517cc52663d4ce3588dd43f0d4124a7affected 019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - < 7d80473e9f12548ac05b36af4fb9ce80f2f73509+1 more versions |
Linux | Linux | affected 5.4unaffected 0 - < 5.4unaffected 5.4.220 - <= 5.4.*unaffected 5.10.150 - <= 5.10.*unaffected 5.15.75 - <= 5.15.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now