Use After Free Vulnerability in Linux Kernel Affecting IPv6 Network Configurations
CVE-2022-50310
What is CVE-2022-50310?
The Linux kernel's IPv6 networking component contains a use-after-free vulnerability. When the initialization function addrconf_init_net() fails, it can leave the devconf_all pointer referring to memory that has already been freed. The function ip6mr_sk_done() subsequently accesses this invalid pointer during cleanup operations, potentially leading to unauthorized memory access and unpredictable behavior. If exploited, this flaw may compromise security and system integrity, so affected systems should be updated and patched promptly.
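The failure sequence described above, as an added user-space C model (not kernel code and not taken from the advisory). The struct layouts, the `*_model` functions and the one-slot allocator are hypothetical, and clearing the pointer on the error path is an assumed mitigation for this pattern, not a fix quoted from the page.

```c
#include <stdio.h>

/* User-space model only: the struct layouts and *_model names are
 * hypothetical stand-ins for the kernel objects named in the advisory. */
struct devconf { int live; int mc_forwarding; };
struct netns   { struct devconf *devconf_all; };

enum cleanup_result { CLEANUP_SKIPPED, CLEANUP_OK, CLEANUP_STALE_ACCESS };

/* One-slot "heap": model_free() marks the object dead instead of releasing
 * it, so the model can detect a stale access without undefined behaviour. */
static struct devconf slot;
static struct devconf *model_alloc(void) { slot.live = 1; slot.mc_forwarding = 0; return &slot; }
static void model_free(struct devconf *p) { p->live = 0; }

/* Models addrconf_init_net() failing after devconf_all has been published. */
static void init_net_model(struct netns *net, int clear_on_error)
{
    struct devconf *all = model_alloc();
    net->devconf_all = all;          /* pointer becomes visible via the namespace */
    /* constructed failure: a later initialization step fails here */
    model_free(all);                 /* error path frees the object */
    if (clear_on_error)
        net->devconf_all = NULL;     /* hardened variant: no stale pointer remains */
}

/* Models the cleanup-side read attributed to ip6mr_sk_done(). */
static enum cleanup_result sk_done_model(const struct netns *net)
{
    const struct devconf *dc = net->devconf_all;
    if (!dc)
        return CLEANUP_SKIPPED;      /* NULL check protects the cleanup path */
    if (!dc->live)
        return CLEANUP_STALE_ACCESS; /* in the kernel: read of freed memory */
    return CLEANUP_OK;
}

static enum cleanup_result run_case(int clear_on_error)
{
    struct netns net = { NULL };
    init_net_model(&net, clear_on_error);   /* failed init ... */
    return sk_done_model(&net);             /* ... followed by cleanup */
}

int main(void)
{
    printf("stale=%d cleared=%d\n", run_case(0), run_case(1));
    return 0;
}
```

The model shows why a NULL check in the cleanup path is not enough on its own: it only helps if the error path that freed the object also cleared the published pointer.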
Affected Version(s)
Linux 7d9b1b578d67a14ae7a7a526ee115b233fa264c4 < 22a68c3b9362eaac7b035eba09e95e6b3f7a912c
Linux 7d9b1b578d67a14ae7a7a526ee115b233fa264c4 < 1ca695207ed2271ecbf8ee6c641970f621c157cc
Linux 5.18