PT-2025-43073 · Linux+3 · Linux Kernel+3

Published

2022-11-30

Updated

2025-12-04

CVE-2022-50563

CVSS v2.0

4.3

Medium

Vector

AV:L/AC:L/Au:M/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free condition within the dm thin subsystem, specifically in the run timer softirq() function. This issue arises when dm resume() and dm destroy() operations occur concurrently. The root cause is that dm resume() adds a timer while dm destroy() skips timer cancellation due to a suspended state. Subsequently, run timer softirq() is called after the memory pool has already been freed, leading to a use-after-free scenario. The issue can be reproduced by creating a thin-pool, suspending it, resuming it, and then attempting to remove all devices concurrently. The vulnerability occurs in the following functions: dm resume(), dm destroy(), run timer softirq(), and pool destroy().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880

BDU:2026-03847

CESA-2023_2951

CVE-2022-50563

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

SUSE-SU-2025:4111-1

SUSE-SU-2025:4135-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4188-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

PT-2025-43073 · Linux+3 · Linux Kernel+3

CVE-2022-50563

Weakness Enumeration

Related Identifiers

Affected Products

References · 636