#VU120404 Use-after-free in Linux kernel - CVE-2022-50716
Published: December 26, 2025 / Updated: December 31, 2025
Vulnerability identifier: #VU120404
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-50716
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ar5523_cmd_tx_cb() and ar5523_cmd() functions in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can escalate privileges on the system.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/340524ae7b53a72cf5d9e7bd7790433422b3b12f
- https://git.kernel.org/stable/c/3eca9697c2f3905dea3ad2fc536ebaa1fbd735bd
- https://git.kernel.org/stable/c/601ae89375033ac4870c086e24ba03f235d38e55
- https://git.kernel.org/stable/c/6447beefd21326a3f4719ec2ea511df797f6c820
- https://git.kernel.org/stable/c/7360b323e0343ea099091d4ae09576dbe1f09516
- https://git.kernel.org/stable/c/8af52492717e3538eba3f81d012b1476af8a89a6
- https://git.kernel.org/stable/c/9aef34e1ae35a87e5f6a22278c17823b7ce64c88
- https://git.kernel.org/stable/c/b6702a942a069c2a975478d719e98d83cdae1797
- https://git.kernel.org/stable/c/c9ba3fbf6a488da6cad1d304c5234bd8d729eba3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337