CVE-2022-50433
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50433
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50433.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50433
- Downstream
- Related
- Published
- 2025-10-01T11:42:11Z
- Modified
- 2025-10-21T12:44:54.751427Z
- Summary
- efi: ssdt: Don't free memory if ACPI table was loaded successfully
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
efi: ssdt: Don't free memory if ACPI table was loaded successfully
Amadeusz reports KASAN use-after-free errors introduced by commit 3881ee0b1edc ("efi: avoid efivars layer when loading SSDTs from variables"). The problem appears to be that the memory that holds the new ACPI table is now freed unconditionally, instead of only when the ACPI core reported a failure to load the table.
So let's fix this, by omitting the kfree() on success.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3881ee0b1edce0ece72d24b7c74f46b73bd6dcbaFixed11497fd69cd2282538ec6eb4cda1d16fc061233d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3881ee0b1edce0ece72d24b7c74f46b73bd6dcbaFixed4b017e59f01097f19b938f6dc4dc2c4720701610
Affected versions
v5.*
v5.19
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.0.1
v6.0.2
v6.0.3
v6.1-rc1
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"digest": {
"function_hash": "105565377661987945919174950781209406647",
"length": 1243.0
},
"deprecated": false,
"id": "CVE-2022-50433-33c5dc7c",
"target": {
"function": "efivar_ssdt_load",
"file": "drivers/firmware/efi/efi.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b017e59f01097f19b938f6dc4dc2c4720701610",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"182277426012334163315666800777161904684",
"312578593130909065456493051340117213295",
"108005163460296167290401322448456019556",
"110595341146377875471941263853359760332"
]
},
"deprecated": false,
"id": "CVE-2022-50433-7ec4ce87",
"target": {
"file": "drivers/firmware/efi/efi.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11497fd69cd2282538ec6eb4cda1d16fc061233d",
"signature_type": "Line"
},
{
"signature_version": "v1",
"digest": {
"function_hash": "105565377661987945919174950781209406647",
"length": 1243.0
},
"deprecated": false,
"id": "CVE-2022-50433-9a89cb76",
"target": {
"function": "efivar_ssdt_load",
"file": "drivers/firmware/efi/efi.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@11497fd69cd2282538ec6eb4cda1d16fc061233d",
"signature_type": "Function"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"182277426012334163315666800777161904684",
"312578593130909065456493051340117213295",
"108005163460296167290401322448456019556",
"110595341146377875471941263853359760332"
]
},
"deprecated": false,
"id": "CVE-2022-50433-fa30fead",
"target": {
"file": "drivers/firmware/efi/efi.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b017e59f01097f19b938f6dc4dc2c4720701610",
"signature_type": "Line"
}
]