Use After Free Vulnerability in Tegrakernel from NVIDIA
CVE-2022-50192

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 June 2025

What is CVE-2022-50192?

A use-after-free vulnerability exists in the Linux kernel's interaction with the tegra20-slink driver. This issue occurs after the spi_unregister_master() function is called, resulting in the reference count for the master device being reduced to zero, leading to a scenario where the corresponding device data is freed. This mismanagement can be exploited during the device interaction with the tegra20-slink driver, potentially causing instability and security concerns. The vulnerability is mitigated by ensuring that the master is obtained before it is unregistered and released properly only after use.

Affected Version(s)

Linux 26c863418221344b1cfb8e6c11116b2b81144281 < 415b4ce61308f24583912d887772dfcbf97f1d20

Linux 26c863418221344b1cfb8e6c11116b2b81144281 < 800c7767e05d29656713e04532823a752e57e037

Linux 26c863418221344b1cfb8e6c11116b2b81144281 < 67f77172644260482fdafc03b6025847944701e5

References

https://git.kernel.org/stable/c/415b4ce61308f24583912d887...
https://git.kernel.org/stable/c/800c7767e05d29656713e0453...
https://git.kernel.org/stable/c/67f77172644260482fdafc03b...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-50192 : Use After Free Vulnerability in Tegrakernel from NVIDIA