CVE-2022-50422

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the libsas component of the Linux kernel, specifically within the smp execute task sg() function. This occurs when an SMP task execution fails, and the del timer() function is called to delete a timer. If the timer handler, sas task internal timedout(), is concurrently running, the del timer() call will not successfully stop it. Subsequently, the memory associated with the task is freed, but the timer handler continues to access it, leading to a use-after-free condition. The issue arises from the asynchronous nature of timer handling and the potential for the handler to outlive the memory it references. The fix involves replacing del timer() with del timer sync() in smp execute task sg(), ensuring the timer handler completes before the associated memory is deallocated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.