Use After Free Vulnerability in Linux Kernel's HugeTLB Management
CVE-2022-50630

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 December 2025

What is CVE-2022-50630?

A vulnerability in the Linux kernel's handling of HugeTLB can lead to a Use After Free (UAF) condition due to improper locking in the memory management code. Specifically, during userfault handling, the necessary locks are released before the userfault is processed, which opens a window for race conditions that may affect the integrity of memory access and lead to unpredictable behavior. This issue underscores the importance of precise locking sequences in memory management operations within the kernel.

Affected Version(s)

Linux 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 < 45c33966759ea1b4040c08dacda99ef623c0ca29

Linux 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45 < 0db2efb3bff879566f05341d94c3de00ac95c4cc

Linux 1a1aad8a9b7bd34f60cdf98cd7915f00ae892c45

Timeline

  • Vulnerability published

  • Vulnerability Reserved
