VYPR
Unrated severityNVD Advisory· Published Feb 26, 2025· Updated May 21, 2025

scsi: target: tcmu: Fix possible page UAF

CVE-2022-49053

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcmu: Fix possible page UAF

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

156

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.