CVE-2022-50840 - Vulnerability Details

- scsi: snic: Fix possible UAF in snic_tgt_create()

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: snic: Fix possible UAF in snic_tgt_create()

Smatch reports a warning as follows:

drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:
'&tgt->list' not removed from list

If device_add() fails in snic_tgt_create(), tgt will be freed, but
tgt->list will not be removed from snic->disc.tgt_list, then list traversal
may cause UAF.

Remove from snic->disc.tgt_list before free().

Published: 2025-12-30

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< 3772319e40527e6a5f2ec1d729e01f271d818f5c
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< 3007f96ca20c848d0b1b052df6d2cb5ae5586e78
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< 6866154c23fba40888ad6d554cccd4bf2edb755e
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< ad27f74e901fc48729733c88818e6b96c813057d
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< 1895e908b3ae66a5312fd1b2cdda2da82993dca7
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< 4141cd9e8b3379aea52a85d2c35f6eaf26d14e86
`c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa`	affected	< e118df492320176af94deec000ae034cc92be754

Linux

affected

Version	Status	Constraints
`4.2`	affected	—
`0`	unaffected	< 4.2
`4.9.337`	unaffected	≤ 4.9.*
`4.14.303`	unaffected	≤ 4.14.*
`4.19.270`	unaffected	≤ 4.19.*
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.86`	unaffected	≤ 5.15.*
`6.0.16`	unaffected	≤ 6.0.*
`6.1.2`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1895e908b3ae66a5312fd1b2cdda2da82993dca7
https://git.kernel.org/stable/c/3007f96ca20c848d0b1b052df6d2cb5ae5586e78
https://git.kernel.org/stable/c/3772319e40527e6a5f2ec1d729e01f271d818f5c
https://git.kernel.org/stable/c/4141cd9e8b3379aea52a85d2c35f6eaf26d14e86
https://git.kernel.org/stable/c/6866154c23fba40888ad6d554cccd4bf2edb755e
https://git.kernel.org/stable/c/ad27f74e901fc48729733c88818e6b96c813057d
https://git.kernel.org/stable/c/c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc
https://git.kernel.org/stable/c/e118df492320176af94deec000ae034cc92be754
https://git.kernel.org/stable/c/f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff
https://lore.kernel.org/linux-cve-announce/2025123019-CVE-2022-50840-678c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50840
https://www.cve.org/CVERecord?id=CVE-2022-50840

History

Thu, 01 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123019-CVE-2022-50840-678c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50840 https://www.cve.org/CVERecord?id=CVE-2022-50840

Tue, 30 Dec 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in snic_tgt_create(), tgt will be freed, but tgt->list will not be removed from snic->disc.tgt_list, then list traversal may cause UAF. Remove from snic->disc.tgt_list before free().
Title		scsi: snic: Fix possible UAF in snic_tgt_create()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1895e908b3ae66a5312fd1b2cdda2da82993dca7 https://git.kernel.org/stable/c/3007f96ca20c848d0b1b052df6d2cb5ae5586e78 https://git.kernel.org/stable/c/3772319e40527e6a5f2ec1d729e01f271d818f5c https://git.kernel.org/stable/c/4141cd9e8b3379aea52a85d2c35f6eaf26d14e86 https://git.kernel.org/stable/c/6866154c23fba40888ad6d554cccd4bf2edb755e https://git.kernel.org/stable/c/ad27f74e901fc48729733c88818e6b96c813057d https://git.kernel.org/stable/c/c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc https://git.kernel.org/stable/c/e118df492320176af94deec000ae034cc92be754 https://git.kernel.org/stable/c/f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:10:59.066Z

Updated: 2026-05-11T19:26:07.823Z

Reserved: 2025-12-30T12:06:07.133Z

Link: CVE-2022-50840

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:15:58.570

Modified: 2026-04-15T00:35:42.020

Link: CVE-2022-50840

Redhat

Severity :

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2022-50840 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object