CVE-2022-50889 - Vulnerability Details

- dm integrity: Fix UAF in dm_integrity_dtr()

Description

In the Linux kernel, the following vulnerability has been resolved:

dm integrity: Fix UAF in dm_integrity_dtr()

Dm_integrity also has the same UAF problem when dm_resume()
and dm_destroy() are concurrent.

Therefore, cancelling timer again in dm_integrity_dtr().

Published: 2025-12-30

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< 792e51aac376cfb5bd527c2a30826223b82dd177
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< a506b5c92757b034034ef683e667bffc456c600b
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< 9215b25f2e105032114e9b92c9783a2a84ee8af9
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< 9f8e1e54a3a424c6c4fb8742e094789d3ec91e42
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< b6c93cd61afab061d80cc842333abca97b289774
`7eada909bfd7ac90a4522e56aa3179d1fd68cd14`	affected	< f50cb2cbabd6c4a60add93d72451728f86e4791c

Linux

affected

Version	Status	Constraints
`4.12`	affected	—
`0`	unaffected	< 4.12
`5.4.229`	unaffected	≤ 5.4.*
`5.10.163`	unaffected	≤ 5.10.*
`5.15.87`	unaffected	≤ 5.15.*
`6.0.18`	unaffected	≤ 6.0.*
`6.1.4`	unaffected	≤ 6.1.*
`6.2`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/792e51aac376cfb5bd527c2a30826223b82dd177
https://git.kernel.org/stable/c/9215b25f2e105032114e9b92c9783a2a84ee8af9
https://git.kernel.org/stable/c/9f8e1e54a3a424c6c4fb8742e094789d3ec91e42
https://git.kernel.org/stable/c/a506b5c92757b034034ef683e667bffc456c600b
https://git.kernel.org/stable/c/b6c93cd61afab061d80cc842333abca97b289774
https://git.kernel.org/stable/c/f50cb2cbabd6c4a60add93d72451728f86e4791c
https://lore.kernel.org/linux-cve-announce/2025123015-CVE-2022-50889-71c4@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50889
https://www.cve.org/CVERecord?id=CVE-2022-50889

History

Wed, 31 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025123015-CVE-2022-50889-71c4@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50889 https://www.cve.org/CVERecord?id=CVE-2022-50889
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Tue, 30 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: dm integrity: Fix UAF in dm_integrity_dtr() Dm_integrity also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in dm_integrity_dtr().
Title		dm integrity: Fix UAF in dm_integrity_dtr()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/792e51aac376cfb5bd527c2a30826223b82dd177 https://git.kernel.org/stable/c/9215b25f2e105032114e9b92c9783a2a84ee8af9 https://git.kernel.org/stable/c/9f8e1e54a3a424c6c4fb8742e094789d3ec91e42 https://git.kernel.org/stable/c/a506b5c92757b034034ef683e667bffc456c600b https://git.kernel.org/stable/c/b6c93cd61afab061d80cc842333abca97b289774 https://git.kernel.org/stable/c/f50cb2cbabd6c4a60add93d72451728f86e4791c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:37:06.957Z

Updated: 2026-05-11T19:27:05.858Z

Reserved: 2025-12-30T12:35:41.596Z

Link: CVE-2022-50889

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-30T13:16:04.050

Modified: 2026-04-15T00:35:42.020

Link: CVE-2022-50889

Redhat

Severity : Low

Publid Date: 2025-12-30T00:00:00Z

Links: CVE-2022-50889 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object