Use-after-free in Linux kernel - CVE-2022-50245
Published: September 16, 2025 / Updated: September 22, 2025
Vulnerability identifier: #VU115393
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-50245
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mport_cdev_open() function in drivers/rapidio/devices/rio_mport_cdev.c. A local user can escalate privileges on the system.
How to mitigate CVE-2022-50245
Install update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/02d7d89f816951e0862147d751b1150d67aaebdd
- https://git.kernel.org/stable/c/2a6c75adf8192f07ddcdd4a1a13488c890a73919
- https://git.kernel.org/stable/c/2ba06e57f933f0eac242e8b389433da1cc00d4d5
- https://git.kernel.org/stable/c/2dfd60724d271a6ab99f93f40f38f2ced1ddbb87
- https://git.kernel.org/stable/c/2f5cc7fd73fd6253cc71214f0dd499cc62feb469
- https://git.kernel.org/stable/c/311b488405ac45af46756b1c8f1d27007b68b07e
- https://git.kernel.org/stable/c/5ee850645e42f541ce1ea8130c2b27cc495f965c
- https://git.kernel.org/stable/c/a253dde0403a153075ffb254f6f7b2635e49e97a
- https://git.kernel.org/stable/c/cb87af2c19c0993f6e21f75b963a5599c5a73e76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2