Use-after-free in Linux kernel - CVE-2022-50067
Published: June 20, 2025 / Updated: June 21, 2025
Vulnerability identifier: #VU111530
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-50067
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c. A local user can escalate privileges on the system.
How to mitigate CVE-2022-50067
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/5d741afed0bac206640cc64d77b97853283cf719
- https://git.kernel.org/stable/c/78f8c2370e3d33e35f23bdc648653d779aeacb6e
- https://git.kernel.org/stable/c/85f02d6c856b9f3a0acf5219de6e32f58b9778eb
- https://git.kernel.org/stable/c/8e546674031fc1576da501e27a8fd165222e5a37
- https://git.kernel.org/stable/c/b60e862e133f646f19023ece1d476d630a660de1
- https://git.kernel.org/stable/c/dcb11fe0a0a9cca2b7425191b9bf30dc29f2ad0f
- https://git.kernel.org/stable/c/ff0e8ed8dfb584575cffc1561f17a1d094e8565b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.318