{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50677","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-09T01:26:45.991Z","datePublished":"2025-12-09T01:29:30.418Z","dateUpdated":"2026-05-11T19:23:38.612Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:23:38.612Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: fix use after free in _ipmi_destroy_user()\n\nThe intf_free() function frees the \"intf\" pointer so we cannot\ndereference it again on the next line."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/char/ipmi/ipmi_msghandler.c"],"versions":[{"version":"f9d405a4bd6090ffbf3bba5e2da6b44c0e013cb3","lessThan":"35ad87bfe330f7ef6a19f772223c63296d643172","status":"affected","versionType":"git"},{"version":"b642ced2cad496c32ae1f62b85fc395391190820","lessThan":"d23006f2a56e11a3103de0ca8b843bf7fd7d76fc","status":"affected","versionType":"git"},{"version":"cbb79863fc3175ed5ac506465948b02a893a8235","lessThan":"f29d127b372e1b7662397d92341d9f7de198ff99","status":"affected","versionType":"git"},{"version":"cbb79863fc3175ed5ac506465948b02a893a8235","lessThan":"bfce073089cb81482521c65061835aaa6d1a6cc0","status":"affected","versionType":"git"},{"version":"cbb79863fc3175ed5ac506465948b02a893a8235","lessThan":"f7fde441198a9ecb130c3ccec91ee2131d6998ee","status":"affected","versionType":"git"},{"version":"cbb79863fc3175ed5ac506465948b02a893a8235","lessThan":"1fc9b20a7688000fcf4d7fbaa58e415a3cdda961","status":"affected","versionType":"git"},{"version":"cbb79863fc3175ed5ac506465948b02a893a8235","lessThan":"a92ce570c81dc0feaeb12a429b4bc65686d17967","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/char/ipmi/ipmi_msghandler.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"4.19.270","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.229","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.163","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.87","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.0.18","lessThanOrEqual":"6.0.*","status":"unaffected","versionType":"semver"},{"version":"6.1.4","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.92","versionEndExcluding":"4.19.270"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.7","versionEndExcluding":"5.4.229"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.163"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.0.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/35ad87bfe330f7ef6a19f772223c63296d643172"},{"url":"https://git.kernel.org/stable/c/d23006f2a56e11a3103de0ca8b843bf7fd7d76fc"},{"url":"https://git.kernel.org/stable/c/f29d127b372e1b7662397d92341d9f7de198ff99"},{"url":"https://git.kernel.org/stable/c/bfce073089cb81482521c65061835aaa6d1a6cc0"},{"url":"https://git.kernel.org/stable/c/f7fde441198a9ecb130c3ccec91ee2131d6998ee"},{"url":"https://git.kernel.org/stable/c/1fc9b20a7688000fcf4d7fbaa58e415a3cdda961"},{"url":"https://git.kernel.org/stable/c/a92ce570c81dc0feaeb12a429b4bc65686d17967"}],"title":"ipmi: fix use after free in _ipmi_destroy_user()","x_generator":{"engine":"bippy-1.2.0"}}}}