VYPR
High severity7.8NVD Advisory· Published Feb 26, 2025· Updated Jun 17, 2026

CVE-2022-49053

CVE-2022-49053

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcmu: Fix possible page UAF

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

156

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.