CVE-2022-50433

{"id": "CVE-2022-50433", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-10-01T12:15:35.127", "references": [{"url": "https://git.kernel.org/stable/c/11497fd69cd2282538ec6eb4cda1d16fc061233d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/4b017e59f01097f19b938f6dc4dc2c4720701610", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: ssdt: Don't free memory if ACPI table was loaded successfully\n\nAmadeusz reports KASAN use-after-free errors introduced by commit\n3881ee0b1edc (\"efi: avoid efivars layer when loading SSDTs from\nvariables\"). The problem appears to be that the memory that holds the\nnew ACPI table is now freed unconditionally, instead of only when the\nACPI core reported a failure to load the table.\n\nSo let's fix this, by omitting the kfree() on success."}], "lastModified": "2026-01-20T15:33:13.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBBC1B11-9296-4778-95E2-B7A8C9EB8D24", "versionEndExcluding": "6.0.4", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}