PT-2025-52927 · Linux · Linux Kernel

Published: 2025-12-24 · Updated: 2026-03-26 · CVE-2022-50697

CVSS v2.0: 6.0 (Medium)

Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee

Description

The Linux kernel contains a use-after-free issue in the mrp (Multiple Registration Protocol) component. Specifically, a synchronization problem exists around the del_timer_sync() function, potentially allowing a timer to restart after cancellation under certain conditions. This can lead to a use-after-free condition, as demonstrated by a crash report from syzbot. The issue is related to the handling of active flags and timer restarts within the mrp module. The vulnerability is present in the enqueue_timer() function within kernel/time/timer.c and affects the hlist_add_head() function in include/linux/list.h.

Recommendations

Update to Linux kernel version 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee or a later version that includes the fix.

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2026-05121
CVE-2022-50697
SUSE-SU-2026:0411-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0475-1
SUSE-SU-2026:0495-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:0953-1
SUSE-SU-2026:0954-1
SUSE-SU-2026:0958-1
SUSE-SU-2026:0964-1
SUSE-SU-2026:0967-1
SUSE-SU-2026:0970-1
SUSE-SU-2026:0983-1
SUSE-SU-2026:0985-1
SUSE-SU-2026:0992-1
SUSE-SU-2026:0997-1
SUSE-SU-2026:1000-1
SUSE-SU-2026:1002-1
SUSE-SU-2026:1039-1
SUSE-SU-2026:1044-1
SUSE-SU-2026:1046-1
SUSE-SU-2026:1048-1
SUSE-SU-2026:1049-1
SUSE-SU-2026:1059-1
SUSE-SU-2026:1088-1

Affected Products

Linux Kernel