github - ghsa-g2f3-v5g7-7j6h

ghsa-g2f3-v5g7-7j6h

Vulnerability from github

Published

2025-10-01 12:30

Modified

2025-10-01 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

efi: ssdt: Don't free memory if ACPI table was loaded successfully

Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables"). The problem appears to be that the memory that holds the new ACPI table is now freed unconditionally, instead of only when the ACPI core reported a failure to load the table.

So let's fix this, by omitting the kfree() on success.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-50433"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: ssdt: Don\u0027t free memory if ACPI table was loaded successfully\n\nAmadeusz reports KASAN use-after-free errors introduced by commit\n3881ee0b1edc (\"efi: avoid efivars layer when loading SSDTs from\nvariables\"). The problem appears to be that the memory that holds the\nnew ACPI table is now freed unconditionally, instead of only when the\nACPI core reported a failure to load the table.\n\nSo let\u0027s fix this, by omitting the kfree() on success.",
  "id": "GHSA-g2f3-v5g7-7j6h",
  "modified": "2025-10-01T12:30:28Z",
  "published": "2025-10-01T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50433"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11497fd69cd2282538ec6eb4cda1d16fc061233d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b017e59f01097f19b938f6dc4dc2c4720701610"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2022-50433 (GCVE-0-2022-50433)

Vulnerability from cvelistv5

Published

2025-10-01 11:42

Modified

2025-10-01 11:42

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: efi: ssdt: Don't free memory if ACPI table was loaded successfully Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables"). The problem appears to be that the memory that holds the new ACPI table is now freed unconditionally, instead of only when the ACPI core reported a failure to load the table. So let's fix this, by omitting the kfree() on success.

References

URL

Tags

	https://git.kernel.org/stable/c/11497fd69cd2282538ec6eb4cda1d16fc061233d
	https://git.kernel.org/stable/c/4b017e59f01097f19b938f6dc4dc2c4720701610

Impacted products

Vendor

Product

Version

Version: 3881ee0b1edce0ece72d24b7c74f46b73bd6dcba
Version: 3881ee0b1edce0ece72d24b7c74f46b73bd6dcba

Version: 6.0

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/efi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "11497fd69cd2282538ec6eb4cda1d16fc061233d",
              "status": "affected",
              "version": "3881ee0b1edce0ece72d24b7c74f46b73bd6dcba",
              "versionType": "git"
            },
            {
              "lessThan": "4b017e59f01097f19b938f6dc4dc2c4720701610",
              "status": "affected",
              "version": "3881ee0b1edce0ece72d24b7c74f46b73bd6dcba",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/efi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.4",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: ssdt: Don\u0027t free memory if ACPI table was loaded successfully\n\nAmadeusz reports KASAN use-after-free errors introduced by commit\n3881ee0b1edc (\"efi: avoid efivars layer when loading SSDTs from\nvariables\"). The problem appears to be that the memory that holds the\nnew ACPI table is now freed unconditionally, instead of only when the\nACPI core reported a failure to load the table.\n\nSo let\u0027s fix this, by omitting the kfree() on success."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T11:42:11.444Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/11497fd69cd2282538ec6eb4cda1d16fc061233d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b017e59f01097f19b938f6dc4dc2c4720701610"
        }
      ],
      "title": "efi: ssdt: Don\u0027t free memory if ACPI table was loaded successfully",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50433",
    "datePublished": "2025-10-01T11:42:11.444Z",
    "dateReserved": "2025-09-17T14:53:07.009Z",
    "dateUpdated": "2025-10-01T11:42:11.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.