CVE-2022-50422

Updated: 2026-01-16 03:08:00.141213

Description:

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() When executing SMP task failed, the smp_execute_task_sg() calls del_timer() to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout() is running, the del_timer() in smp_execute_task_sg() will not stop it and a UAF will happen. The process is shown below: (thread 1) | (thread 2) smp_execute_task_sg() | sas_task_internal_timedout() ... | del_timer() | ... | ... sas_free_task(task) | kfree(task->slow_task) //FREE| | task->slow_task->... //USE Fix by calling del_timer_sync() in smp_execute_task_sg(), which makes sure the timer handler have finished before the "task->slow_task" is deallocated.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2026:1768669128 2026-01-28 12:10:54
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2026:1770040438 2026-02-10 13:40:15
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2025-12-28 09:00:44
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Needs Triage 2026-01-29 12:00:48
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2026:1769610819 2026-01-28 20:39:42
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2026:1770028389 2026-02-02 14:59:24
RHEL 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2026:1770028764 2026-02-02 14:59:16
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Needs Triage 2025-12-28 07:17:23
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Needs Triage 2025-12-28 07:36:37