Linux Kernel Device Management Vulnerability in SPI Controller
CVE-2022-50190
What is CVE-2022-50190?
A vulnerability in the device management of the Linux kernel affects SPI controllers, specifically when there is a failure in the devm_add_action_or_reset() function. This leads to an incorrect reference count decrement in the spi_unregister function, which can cause a use-after-free condition when error handling routines attempt to access released control structures. This issue may allow attackers to exploit memory management mistakes, potentially leading to arbitrary code execution or system instability.
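
The double reference drop described above, as a userspace model added here (not kernel code and not from the original page): a helper that runs its cleanup action when it fails, followed by the caller's own error-path put. All names are hypothetical, and the safer ordering shown is an assumption about one way to keep a single owner for the reference, not the page's description of the fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct ctlr {
    int refs;          /* models the controller's reference count */
    bool released;     /* set when refs reaches 0 (memory would be freed) */
    int stale_puts;    /* puts arriving after release: the use-after-free */
};

static void ctlr_put(struct ctlr *c)
{
    if (c->released) { c->stale_puts++; return; }
    if (--c->refs == 0) c->released = true;
}

/* Cleanup action: unregistering drops a reference. */
static void unregister_action(void *data) { ctlr_put(data); }

/* "Add or reset" semantics: if the action cannot be recorded, run it now. */
static int add_action_or_reset(bool alloc_ok, void (*fn)(void *), void *data)
{
    if (alloc_ok) return 0;
    fn(data);
    return -12;        /* -ENOMEM */
}

/* Flawed ordering: attach cleanup after registering, reset on failure. */
static int register_flawed(struct ctlr *c, bool alloc_ok)
{
    return add_action_or_reset(alloc_ok, unregister_action, c);
}

/* Assumed safer ordering: fail before anything can drop the reference. */
static int register_safe(struct ctlr *c, bool alloc_ok)
{
    (void)c;
    return alloc_ok ? 0 : -12;
}

/* Driver probe: on error it drops its own reference; returns stale puts. */
static int probe(int (*reg)(struct ctlr *, bool), bool alloc_ok)
{
    struct ctlr c = { .refs = 1 };
    if (reg(&c, alloc_ok) != 0) ctlr_put(&c);
    return c.stale_puts;
}

int main(void) { printf("flawed=%d safe=%d\n", probe(register_flawed, false), probe(register_safe, false)); return 0; }
```

The model counts the stale put instead of freeing memory, so it is safe to run; in a real allocator the second put would touch freed memory, which tools such as KASAN report as a use-after-free.
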
Affected Version(s)
Linux 59ebbe40fb51e307032ae7f63b2749fad2d4635a < 445fb9c19cf45bd9472fd9babaa31c5e6c7d2720
Linux 59ebbe40fb51e307032ae7f63b2749fad2d4635a < 34bab623ebfc08398499e463396b81abb4abe01e
Linux 59ebbe40fb51e307032ae7f63b2749fad2d4635a < 3c6bd448442b6c3f6843ac70d57201a13478dd47