2396374 – (CVE-2022-50384) CVE-2022-50384 kernel: staging: vme_user: Fix possible UAF in tsi148_dma_list_add

Bug 2396374 (CVE-2022-50384) - CVE-2022-50384 kernel: staging: vme_user: Fix possible UAF in tsi148_dma_list_add

Summary: CVE-2022-50384 kernel: staging: vme_user: Fix possible UAF in tsi148_dma_list...

Keywords:
Status:	NEW
Alias:	CVE-2022-50384
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-18 14:01 UTC by OSIDB Bzimport
Modified:	2025-11-26 10:42 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-18 14:01:16 UTC

In the Linux kernel, the following vulnerability has been resolved:

staging: vme_user: Fix possible UAF in tsi148_dma_list_add

Smatch report warning as follows:

drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn:
  '&entry->list' not removed from list

In tsi148_dma_list_add(), the error path "goto err_dma" will not
remove entry->list from list->entries, but entry will be freed,
then list traversal may cause UAF.

Fix by removeing it from list->entries before free().

Comment 1 Keith Grant 2025-09-18 15:17:12 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50384-b652@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.