CVE-2022-50677 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/1fc9b20a7688000fcf4d7fbaa58e415a3cdda961
https://git.kernel.org/stable/c/35ad87bfe330f7ef6a19f772223c63296d643172
https://git.kernel.org/stable/c/a92ce570c81dc0feaeb12a429b4bc65686d17967
https://git.kernel.org/stable/c/bfce073089cb81482521c65061835aaa6d1a6cc0
https://git.kernel.org/stable/c/d23006f2a56e11a3103de0ca8b843bf7fd7d76fc
https://git.kernel.org/stable/c/f29d127b372e1b7662397d92341d9f7de198ff99
https://git.kernel.org/stable/c/f7fde441198a9ecb130c3ccec91ee2131d6998ee

History

Tue, 09 Dec 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ipmi: fix use after free in _ipmi_destroy_user() The intf_free() function frees the "intf" pointer so we cannot dereference it again on the next line.
Title		ipmi: fix use after free in _ipmi_destroy_user()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1fc9b20a7688000fcf4d7fbaa58e415a3cdda961 https://git.kernel.org/stable/c/35ad87bfe330f7ef6a19f772223c63296d643172 https://git.kernel.org/stable/c/a92ce570c81dc0feaeb12a429b4bc65686d17967 https://git.kernel.org/stable/c/bfce073089cb81482521c65061835aaa6d1a6cc0 https://git.kernel.org/stable/c/d23006f2a56e11a3103de0ca8b843bf7fd7d76fc https://git.kernel.org/stable/c/f29d127b372e1b7662397d92341d9f7de198ff99 https://git.kernel.org/stable/c/f7fde441198a9ecb130c3ccec91ee2131d6998ee

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-09T01:29:30.418Z

Updated: 2025-12-09T01:29:30.418Z

Reserved: 2025-12-09T01:26:45.991Z

Link: CVE-2022-50677

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50677", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-09T01:26:45.991Z", "datePublished": "2025-12-09T01:29:30.418Z", "dateUpdated": "2025-12-09T01:29:30.418Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-09T01:29:30.418Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: fix use after free in _ipmi_destroy_user()\n\nThe intf_free() function frees the \"intf\" pointer so we cannot\ndereference it again on the next line."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/ipmi/ipmi_msghandler.c"], "versions": [{"version": "f9d405a4bd6090ffbf3bba5e2da6b44c0e013cb3", "lessThan": "35ad87bfe330f7ef6a19f772223c63296d643172", "status": "affected", "versionType": "git"}, {"version": "b642ced2cad496c32ae1f62b85fc395391190820", "lessThan": "d23006f2a56e11a3103de0ca8b843bf7fd7d76fc", "status": "affected", "versionType": "git"}, {"version": "cbb79863fc3175ed5ac506465948b02a893a8235", "lessThan": "f29d127b372e1b7662397d92341d9f7de198ff99", "status": "affected", "versionType": "git"}, {"version": "cbb79863fc3175ed5ac506465948b02a893a8235", "lessThan": "bfce073089cb81482521c65061835aaa6d1a6cc0", "status": "affected", "versionType": "git"}, {"version": "cbb79863fc3175ed5ac506465948b02a893a8235", "lessThan": "f7fde441198a9ecb130c3ccec91ee2131d6998ee", "status": "affected", "versionType": "git"}, {"version": "cbb79863fc3175ed5ac506465948b02a893a8235", "lessThan": "1fc9b20a7688000fcf4d7fbaa58e415a3cdda961", "status": "affected", "versionType": "git"}, {"version": "cbb79863fc3175ed5ac506465948b02a893a8235", "lessThan": "a92ce570c81dc0feaeb12a429b4bc65686d17967", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/char/ipmi/ipmi_msghandler.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.270", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.229", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.163", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.87", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.18", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.4", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.92", "versionEndExcluding": "4.19.270"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.7", "versionEndExcluding": "5.4.229"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.87"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.0.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.1.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/35ad87bfe330f7ef6a19f772223c63296d643172"}, {"url": "https://git.kernel.org/stable/c/d23006f2a56e11a3103de0ca8b843bf7fd7d76fc"}, {"url": "https://git.kernel.org/stable/c/f29d127b372e1b7662397d92341d9f7de198ff99"}, {"url": "https://git.kernel.org/stable/c/bfce073089cb81482521c65061835aaa6d1a6cc0"}, {"url": "https://git.kernel.org/stable/c/f7fde441198a9ecb130c3ccec91ee2131d6998ee"}, {"url": "https://git.kernel.org/stable/c/1fc9b20a7688000fcf4d7fbaa58e415a3cdda961"}, {"url": "https://git.kernel.org/stable/c/a92ce570c81dc0feaeb12a429b4bc65686d17967"}], "title": "ipmi: fix use after free in _ipmi_destroy_user()", "x_generator": {"engine": "bippy-1.2.0"}}}}