CVE-2022-50389

MEDIUM

Linux Kernel Use-After-Free in TPM CRB ACPI Table Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak In crb_acpi_add(), we get the TPM2 table to retrieve information like start method, and then assign them to the priv data, so the TPM2 table is not used after the init, should be freed, call acpi_put_table() to fix the memory leak.

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/08fd965521d0e172d540cf945517810895fcb199

Patch

https://git.kernel.org/stable/c/1af2232b13837ce0f3a082b9f43735b09aafc367

Patch

https://git.kernel.org/stable/c/927860dfa161ae8392a264197257dbdc52b26b0f

Patch

https://git.kernel.org/stable/c/0bd9b4be721c776f77adcaf34105dfca3007ddb9

Patch

https://git.kernel.org/stable/c/986cd9a9b95423e35a2cbb8e9105aec0e0d7f337

Patch

https://git.kernel.org/stable/c/2fcd3dc8b97a14f1672729c86b7041a1a89b052a

Patch

https://git.kernel.org/stable/c/b0785edaf649e5f04dc7f75533e810f4c00e4106

Patch

https://git.kernel.org/stable/c/37e90c374dd11cf4919c51e847c6d6ced0abc555

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (26)

linux/Kernel 4.0.0 - 4.14.303linux

linux/Kernel 4.15.0 - 4.19.270linux

linux/Kernel 4.20.0 - 5.4.229linux

linux/Kernel 5.11.0 - 5.15.87linux

linux/Kernel 5.16.0 - 6.0.17linux

linux/Kernel 5.5.0 - 5.10.163linux

linux/Kernel 6.1.0 - 6.1.3linux

Linux/Linux < 4.0

Linux/Linux 30fc8d138e9123f374a3c3867e7c7c5cd4004941 - 08fd965521d0e172d540cf945517810895fcb199

Linux/Linux 30fc8d138e9123f374a3c3867e7c7c5cd4004941 - 0bd9b4be721c776f77adcaf34105dfca3007ddb9

... and 16 more

Published Sep 18, 2025

Tracked Since Feb 18, 2026