{"id":"CVE-2022-50767","summary":"fbdev: smscufx: Fix several use-after-free bugs","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: Fix several use-after-free bugs\n\nSeveral types of UAFs can occur when physically removing a USB device.\n\nAdds ufx_ops_destroy() function to .fb_destroy of fb_ops, and\nin this function, there is kref_put() that finally calls ufx_free().\n\nThis fix prevents multiple UAFs.","modified":"2026-03-20T12:22:38.355552Z","published":"2025-12-24T13:05:57.569Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0350-1","SUSE-SU-2026:0369-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50767.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3f40852d671072836fb7ae331a1f28a24223c4e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5385af2f89bc352fb70753ab41b2bb036190141f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70faf9d9b6cc74418716bbf76fe75bd2da10ad4a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8d924b262f3178a9b17c17d4306a9f426c508bd9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc67482c9e5f2c80d62f623bcc347c29f9f648e1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc6a7249842fceda7574ceb63275a2d5e99d2862"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50767.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50767"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3c8a63e22a0802fd56380f6ab305b419f18eb6f5"},{"fixed":"6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f"},{"fixed":"3f40852d671072836fb7ae331a1f28a24223c4e8"},{"fixed":"70faf9d9b6cc74418716bbf76fe75bd2da10ad4a"},{"fixed":"5385af2f89bc352fb70753ab41b2bb036190141f"},{"fixed":"d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86"},{"fixed":"cc6a7249842fceda7574ceb63275a2d5e99d2862"},{"fixed":"8d924b262f3178a9b17c17d4306a9f426c508bd9"},{"fixed":"cc67482c9e5f2c80d62f623bcc347c29f9f648e1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50767.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.2.0"},{"fixed":"4.9.332"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.298"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.264"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.223"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.153"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50767.json"}}],"schema_version":"1.7.5"}