CVE-2022-50454
HIGHLinux Kernel 5.4-5.19.17, 6.0-6.0.3 - Use-After-Free in Nouveau GEM Prime Import
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() nouveau_bo_init() is backed by ttm_bo_init() and ferries its return code back to the caller. On failures, ttm will call nouveau_bo_del_ttm() and free the memory.Thus, when nouveau_bo_init() returns an error, the gem object has already been released. Then the call to nouveau_bo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug. We should delete the call to nouveau_bo_ref() to avoid the use-after-free.
References (6)
Core 6
Core References
Scores
CVSS v3
7.8
EPSS
0.0015
EPSS Percentile
4.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (20)
linux/Kernel
5.11.0 - 5.15.75linux
linux/Kernel
5.16.0 - 5.19.17linux
linux/Kernel
5.20.0 - 6.0.3linux
linux/Kernel
5.4.0 - 5.4.220linux
linux/Kernel
5.5.0 - 5.10.150linux
Linux/Linux
< 5.4
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 3aeda2fe6517cc52663d4ce3588dd43f0d4124a7
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 540dfd188ea2940582841c1c220bd035a7db0e51
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 56ee9577915dc06f55309901012a9ef68dbdb5a8
Linux/Linux
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5 - 5d6093c49c098d86c7b136aba9922df44aeb6944
... and 10 more
Published
Oct 01, 2025
Tracked Since
Feb 18, 2026