This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-55394 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://lore.kernel.org/linux-cve-announce/2025061814-CVE-2022-50128-51bc@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-50128 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-50128 cve-icon
History

Thu, 19 Jun 2025 03:00:00 +0000

Type Values Removed Values Added
Title kernel: android: binder: stop saving a pointer to the VMA
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 18 Jun 2025 14:30:00 +0000

Type Values Removed Values Added
References

Wed, 18 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. This is unsafe and there are a number of failure paths *after* the recorded VMA pointer may be freed during setup. There is no callback to the driver to clear the saved pointer from generic mm code. Furthermore, the VMA pointer may become stale if any number of VMA operations end up freeing the VMA so saving it was fragile to being with. Instead, change the binder_alloc struct to record the start address of the VMA and use vma_lookup() to get the vma when needed. Add lockdep mmap_lock checks on updates to the vma pointer to ensure the lock is held and depend on that lock for synchronization of readers and writers - which was already the case anyways, so the smp_wmb()/smp_rmb() was not necessary. [akpm@linux-foundation.org: fix drivers/android/binder_alloc_selftest.c] This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title android: binder: stop saving a pointer to the VMA

Wed, 18 Jun 2025 11:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. This is unsafe and there are a number of failure paths *after* the recorded VMA pointer may be freed during setup. There is no callback to the driver to clear the saved pointer from generic mm code. Furthermore, the VMA pointer may become stale if any number of VMA operations end up freeing the VMA so saving it was fragile to being with. Instead, change the binder_alloc struct to record the start address of the VMA and use vma_lookup() to get the vma when needed. Add lockdep mmap_lock checks on updates to the vma pointer to ensure the lock is held and depend on that lock for synchronization of readers and writers - which was already the case anyways, so the smp_wmb()/smp_rmb() was not necessary. [akpm@linux-foundation.org: fix drivers/android/binder_alloc_selftest.c]
Title android: binder: stop saving a pointer to the VMA
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: REJECTED

Assigner: Linux

Published:

Updated: 2025-06-18T14:02:34.964Z

Reserved: 2025-06-18T10:57:27.418Z

Link: CVE-2022-50128

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Rejected

Published: 2025-06-18T11:15:42.590

Modified: 2025-06-18T14:15:24.210

Link: CVE-2022-50128

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50128 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.