{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50454","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-10-01T11:38:45.640Z","datePublished":"2025-10-01T11:45:27.337Z","dateUpdated":"2026-05-11T19:19:47.215Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:19:47.215Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()\n\nnouveau_bo_init() is backed by ttm_bo_init() and ferries its return code\nback to the caller. On failures, ttm will call nouveau_bo_del_ttm() and\nfree the memory.Thus, when nouveau_bo_init() returns an error, the gem\nobject has already been released. Then the call to nouveau_bo_ref() will\nuse the freed \"nvbo->bo\" and lead to a use-after-free bug.\n\nWe should delete the call to nouveau_bo_ref() to avoid the use-after-free."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nouveau_prime.c"],"versions":[{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"56ee9577915dc06f55309901012a9ef68dbdb5a8","status":"affected","versionType":"git"},{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"5d6093c49c098d86c7b136aba9922df44aeb6944","status":"affected","versionType":"git"},{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"861f085f81fd569b02cc2c11165a9e6cca144424","status":"affected","versionType":"git"},{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"3aeda2fe6517cc52663d4ce3588dd43f0d4124a7","status":"affected","versionType":"git"},{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"7d80473e9f12548ac05b36af4fb9ce80f2f73509","status":"affected","versionType":"git"},{"version":"019cbd4a4feb3aa3a917d78e7110e3011bbff6d5","lessThan":"540dfd188ea2940582841c1c220bd035a7db0e51","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/gpu/drm/nouveau/nouveau_prime.c"],"versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","status":"unaffected","versionType":"semver"},{"version":"5.4.220","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.150","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.75","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.17","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0.3","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.4.220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.10.150"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.15.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.19.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.0.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/56ee9577915dc06f55309901012a9ef68dbdb5a8"},{"url":"https://git.kernel.org/stable/c/5d6093c49c098d86c7b136aba9922df44aeb6944"},{"url":"https://git.kernel.org/stable/c/861f085f81fd569b02cc2c11165a9e6cca144424"},{"url":"https://git.kernel.org/stable/c/3aeda2fe6517cc52663d4ce3588dd43f0d4124a7"},{"url":"https://git.kernel.org/stable/c/7d80473e9f12548ac05b36af4fb9ce80f2f73509"},{"url":"https://git.kernel.org/stable/c/540dfd188ea2940582841c1c220bd035a7db0e51"}],"title":"drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()","x_generator":{"engine":"bippy-1.2.0"}}}}