CVE-2022-50454

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50454
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50454.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-50454
Downstream
Related
Published
2025-10-01T11:45:27.337Z
Modified
2026-04-02T08:28:31.811312Z
Summary
drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table()
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix a use-after-free in nouveaugemprimeimportsg_table()

nouveauboinit() is backed by ttmboinit() and ferries its return code back to the caller. On failures, ttm will call nouveaubodelttm() and free the memory.Thus, when nouveauboinit() returns an error, the gem object has already been released. Then the call to nouveaubo_ref() will use the freed "nvbo->bo" and lead to a use-after-free bug.

We should delete the call to nouveauboref() to avoid the use-after-free.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50454.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
019cbd4a4feb3aa3a917d78e7110e3011bbff6d5
Fixed
56ee9577915dc06f55309901012a9ef68dbdb5a8
Fixed
5d6093c49c098d86c7b136aba9922df44aeb6944
Fixed
861f085f81fd569b02cc2c11165a9e6cca144424
Fixed
3aeda2fe6517cc52663d4ce3588dd43f0d4124a7
Fixed
7d80473e9f12548ac05b36af4fb9ce80f2f73509
Fixed
540dfd188ea2940582841c1c220bd035a7db0e51

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50454.json"