PT-2025-40108 · Linux+2 · Linux Kernel+2

Published: 2022-12-02 · Updated: 2026-03-26 · CVE-2022-50423

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc7

Description

The Linux kernel contains a use-after-free flaw within the ACPICA component, specifically in the acpi_ut_copy_ipackage_to_ipackage() function. This issue arises from the improper handling of memory freeing during package copying operations. The root cause is related to a previous fix for a memory leak, which inadvertently introduced the use-after-free condition. The vulnerability occurs when acpi_ut_copy_ipackage_to_ipackage() fails, leading to the repeated release of an ACPI operand object and its subsequent use after being freed. The function acpi_ut_remove_reference() is involved in the issue.

Recommendations

Update to a version newer than 6.1.0-rc7.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-03841
CVE-2022-50423
RHSA-2023:6583
RHSA-2024:3138
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4189-1
SUSE-SU-2026:0953-1
SUSE-SU-2026:0954-1
SUSE-SU-2026:0958-1
SUSE-SU-2026:0970-1
SUSE-SU-2026:1044-1
SUSE-SU-2026:1088-1

Affected Products

Astra Linux
Linux Kernel
Suse