PT-2025-38434 · Linux+2 · Linux Kernel+2

Published: 2022-12-19 · Updated: 2025-10-23 · CVE-2022-50417

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The panfrost_gem_create_with_handle() function previously returned a buffer object (BO) with only a reference from the handle. User space could potentially guess and release this handle, leading to a use-after-free condition. Additionally, if the panfrost_gem_mapping_get() function in panfrost_ioctl_create_bo() failed, a reference to the BO was dropped. The create_with_handle() pattern is problematic. The issue is resolved by creating the handle in panfrost_ioctl_create_bo(). If panfrost_gem_mapping_get() fails, it indicates user space has freed the handle, and an error code is returned.
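
The reference-counting problem in the Description, as an added example that is not code from this advisory or from the kernel: a userspace C model that contrasts the old pattern with the fixed ordering. All names (`bo_alloc`, `handle_create`, `handle_close`, `old_ioctl_create`, `fixed_ioctl_create`) are hypothetical, and a `freed` flag stands in for the real free so the state can be inspected safely.

```c
#include <stdlib.h>
/* Toy userspace model; every name here is hypothetical, not panfrost/DRM code.
 * "freed" stands in for the real free so the model can be inspected safely. */
struct bo { int refs; int freed; };
#define MAX_HANDLES 8
static struct bo *table[MAX_HANDLES];      /* per-client handle table */

static struct bo *bo_alloc(void) {
    struct bo *b = calloc(1, sizeof(*b));
    if (!b) abort();
    b->refs = 1;                           /* creation reference */
    return b;
}
static void bo_put(struct bo *b) { if (--b->refs == 0) b->freed = 1; }
static int handle_create(struct bo *b) {   /* the table takes its own reference */
    for (int i = 0; i < MAX_HANDLES; i++)
        if (!table[i]) { table[i] = b; b->refs++; return i + 1; }
    return -1;
}
static int handle_close(int h) {           /* what user space can trigger */
    if (h < 1 || h > MAX_HANDLES || !table[h - 1]) return -1;
    struct bo *b = table[h - 1];
    table[h - 1] = NULL;
    bo_put(b);
    return 0;
}
/* Old pattern: returns a BO whose only remaining reference is the handle's. */
static struct bo *create_with_handle(int *h) {
    struct bo *b = bo_alloc();
    *h = handle_create(b);
    bo_put(b);                             /* creation reference dropped too early */
    return b;
}
/* Both return 0 = ok, 1 = caller touched a freed BO, -1 = error to user space. */
static int old_ioctl_create(int racing_close) {
    int h;
    struct bo *b = create_with_handle(&h);
    if (racing_close) handle_close(h);     /* handle released behind the caller */
    return b->freed;                       /* caller goes on to use b */
}
static int fixed_ioctl_create(int racing_close) {
    struct bo *b = bo_alloc();             /* caller keeps the creation reference */
    int h = handle_create(b);
    if (h > 0 && racing_close) handle_close(h);
    int rc = b->freed ? 1 : (h < 1 || table[h - 1] != b) ? -1 : 0;
    bo_put(b);                             /* dropped only once the caller is done */
    return rc;
}
int main(void) { return !(old_ioctl_create(1) == 1 && fixed_ioctl_create(1) == -1); }
```

In the fixed ordering a concurrent close can only make the call fail with an error; the object stays alive until the caller drops its own reference.
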

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-03271
CVE-2022-50417
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1

Affected Products

Astra Linux
Linux Kernel
Suse