In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free().

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

No data.

No data.

References
Link Providers
https://git.kernel.org/stable/c/1f5661388f43df3ac106ce93e67d8d22b16a78ff cve-icon cve-icon
https://git.kernel.org/stable/c/357057ee55d3c99a5de5abe8150f7bca04f8e53b cve-icon cve-icon
https://git.kernel.org/stable/c/51c0ad3b7c5b01f9314758335a13f157b05fa56d cve-icon cve-icon
https://git.kernel.org/stable/c/5cc4eea715a3fcf4e516662f736dfee63979465f cve-icon cve-icon
https://git.kernel.org/stable/c/5d2b286eb034af114f67d9967fc3fbc1829bb712 cve-icon cve-icon
https://git.kernel.org/stable/c/85db68fc901da52314ded80aace99f8b684c7815 cve-icon cve-icon
https://git.kernel.org/stable/c/a45ba33d398a821147d7e5f16ead7eb125e331e2 cve-icon cve-icon
https://git.kernel.org/stable/c/cf138759a7e92c75cfc1b7ba705e4108fe330edf cve-icon cve-icon
https://git.kernel.org/stable/c/e6b0adff99edf246ba1f8d464530a0438cb1cbda cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50384-b652@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50384 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50384 cve-icon
History

Fri, 19 Sep 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Vendors & Products Linux
Linux linux Kernel

Fri, 19 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Thu, 18 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: staging: vme_user: Fix possible UAF in tsi148_dma_list_add Smatch report warning as follows: drivers/staging/vme_user/vme_tsi148.c:1757 tsi148_dma_list_add() warn: '&entry->list' not removed from list In tsi148_dma_list_add(), the error path "goto err_dma" will not remove entry->list from list->entries, but entry will be freed, then list traversal may cause UAF. Fix by removeing it from list->entries before free().
Title staging: vme_user: Fix possible UAF in tsi148_dma_list_add
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-09-18T13:33:05.759Z

Updated: 2025-09-18T13:33:05.759Z

Reserved: 2025-09-17T14:53:06.997Z

Link: CVE-2022-50384

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-18T14:15:37.230

Modified: 2025-09-18T14:15:37.230

Link: CVE-2022-50384

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-09-18T00:00:00Z

Links: CVE-2022-50384 - Bugzilla