CVE-2022-50417

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50417
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50417.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50417
Downstream
Related
Published
2025-09-18T16:04:00.512Z
Modified
2026-04-02T08:28:29.791942Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
drm/panfrost: Fix GEM handle creation ref-counting
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/panfrost: Fix GEM handle creation ref-counting

panfrostgemcreatewithhandle() previously returned a BO but with the only reference being from the handle, which user space could in theory guess and release, causing a use-after-free. Additionally if the call to panfrostgemmappingget() in panfrostioctlcreatebo() failed then a(nother) reference on the BO was dropped.

The createwithhandle() is a problematic pattern, so ditch it and instead create the handle in panfrostioctlcreatebo(). If the call to panfrostgemmapping_get() fails then this means that user space has indeed gone behind our back and freed the handle. In which case just return an error code.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50417.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f3ba91228e8e917e5bd6c4b72bfe846933d17370
Fixed
0b70f6ea4d4f2b4d4b291d86ab76b4d07394932c
Fixed
4f1105ee72d8c7c35d90e3491b31b2d9d6b7e33a
Fixed
3f9feffa8a5ab08b4e298a27b1aa7204a7d42ca2
Fixed
ba3d2c2380e7129b525a787489c0b7e819a3b898
Fixed
4217c6ac817451d5116687f3cc6286220dc43d49

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50417.json"