CVE-2022-50081

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue arises from the Linux kernel's KVM module not properly handling the unloading of modules, specifically when using try get module(). This can lead to fatal errors, such as use-after-free explosions, when a module is forcefully unloaded while a VM is running. The error handling does not properly unwind all actions taken, failing to call kvm arch pre destroy vm() and remove the VM from the global list. The use of try get module() is based on a removed feature, "rmmod --wait", which was deleted nearly a decade ago. Forced unloading of modules can cause issues, but addressing this is out-of-scope.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.