PT-2025-53958 · Linux · Linux Kernel

Published

2022-11-17

Updated

2026-02-24

CVE-2022-50840

CVSS v2.0

7.7

High

Vector

AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the snic tgt create() function in the SCSI subsystem. Specifically, if device add() fails during the creation of a target, the target’s list entry (tgt->list) is not removed from snic->disc.tgt list before the target is freed. This can lead to a use-after-free condition during list traversal. The issue was identified by Smatch, a static analysis tool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-03689

CVE-2022-50840

SUSE-SU-2026:0263-1

SUSE-SU-2026:0316-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0350-1

SUSE-SU-2026:0369-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

PT-2025-53958 · Linux · Linux Kernel

CVE-2022-50840

Weakness Enumeration

Related Identifiers

Affected Products

References · 1126