PT-2025-41048 · Linux+5 · Linux Kernel+5

Published

2023-05-16

Updated

2025-12-08

CVE-2022-50543

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc1-roce-flush+ #25

Description The Linux kernel contains a flaw in the RDMA/rxe subsystem related to double freeing of memory associated with memory registration (mr->map). Specifically, the rxe mr cleanup() function may attempt to free the mr->map structure multiple times when rxe mr init user() fails. This issue was initially addressed in commit b18c7da63fcb, then fixed in commit 8ff5f5d9d8cf, but the fix was subsequently reverted by commit 1e75550648da. The rxe mr cleanup() function now consistently handles freeing the mr->map once it has been successfully allocated.

Recommendations Update to a version of the Linux kernel that includes the fix for this issue.

Exploit

Fix

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025:22800

ALSA-2025:22801

CESA-2023_2951

CVE-2022-50543

RHSA-2023:2951

RHSA-2023:6583

RHSA-2023_2951

RHSA-2023_6583

RHSA-2025:22800

RHSA-2025:22801

RHSA-2026:0532

RHSA-2026:0536

SUSE-SU-2025:4149-1

SUSE-SU-2025:4320-1

Affected Products

Almalinux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2025-41048 · Linux+5 · Linux Kernel+5

CVE-2022-50543

Weakness Enumeration

Related Identifiers

Affected Products

References · 450