PT-2025-40139 · Linux+2 · Linux Kernel+2
Published: 2022-07-07 · Updated: 2025-10-23
CVE-2022-50454
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue was identified in the nouveau_gem_prime_import_sg_table() function within the Nouveau driver. The issue occurs because nouveau_bo_init() can return an error after the gem object has already been released, leading to a use-after-free when nouveau_bo_ref() is called with freed memory (nvbo->bo). The root cause is that nouveau_bo_init() relies on ttm_bo_init() and forwards its return code. On failure, ttm_bo_init() calls nouveau_bo_del_ttm() to free the memory.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
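The ownership hazard from the description, modelled in user-space C as an added example (not kernel code and not the upstream patch). All toy_* and import_* names are hypothetical, and a released flag stands in for the actual free so the stale access is counted rather than performed.

```c
#include <errno.h>
#include <stdio.h>

/* Toy stand-in for a buffer object; 'released' marks what a real free would do. */
struct toy_bo { int refs; int released; };
static int uaf_events;   /* touches of an already-released object */

/* Plays the role of nouveau_bo_del_ttm(): the destroy callback. */
static void toy_bo_del(struct toy_bo *bo) { bo->released = 1; }

/* Plays the role of nouveau_bo_ref(NULL, &nvbo): drop the caller's reference. */
static void toy_bo_put(struct toy_bo *bo)
{
    if (bo->released) { uaf_events++; return; }  /* real code: use-after-free */
    if (--bo->refs == 0)
        toy_bo_del(bo);
}

/* Plays the role of nouveau_bo_init() forwarding ttm_bo_init(): on failure
 * the object is destroyed by the callee before the error code is returned. */
static int toy_bo_init(struct toy_bo *bo, int fail)
{
    bo->refs = 1;
    bo->released = 0;
    if (fail) { toy_bo_del(bo); return -ENOMEM; }
    return 0;
}

/* Caller that drops its reference on any init error: touches a released object. */
static int import_buggy(struct toy_bo *bo, int fail)
{
    int ret = toy_bo_init(bo, fail);
    if (ret)
        toy_bo_put(bo);
    return ret;
}

/* Caller that honours the contract: after a failed init only the error is used. */
static int import_careful(struct toy_bo *bo, int fail) { return toy_bo_init(bo, fail); }

int main(void)
{
    struct toy_bo a, b;
    int r1 = import_buggy(&a, 1), n1 = uaf_events;
    int r2 = import_careful(&b, 1);
    printf("buggy ret=%d uaf=%d, careful ret=%d uaf=%d\n", r1, n1, r2, uaf_events - n1);
    return 0;
}
```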
Exploit
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Nouveau
Suse