Linux Kernel up to 5.10.153 munmap use after free

Summaryinfo

A vulnerability has been found in Linux Kernel up to 5.10.153 and classified as critical. The impacted element is the function munmap. This manipulation causes use after free. This vulnerability is registered as CVE-2022-50240. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Linux Kernel up to 5.10.153. It has been declared as critical. Affected by this vulnerability is the function munmap. The manipulation with an unknown input leads to a use after free vulnerability. The CWE definition for the vulnerability is CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmap_lock for later use. This is unsafe and there are a number of failure paths *after* the recorded VMA pointer may be freed during setup. There is no callback to the driver to clear the saved pointer from generic mm code. Furthermore, the VMA pointer may become stale if any number of VMA operations end up freeing the VMA so saving it was fragile to being with. Instead, change the binder_alloc struct to record the start address of the VMA and use vma_lookup() to get the vma when needed. Add lockdep mmap_lock checks on updates to the vma pointer to ensure the lock is held and depend on that lock for synchronization of readers and writers - which was already the case anyways, so the smp_wmb()/smp_rmb() was not necessary. [[email protected]: fix drivers/android/binder_alloc_selftest.c]

It is possible to read the advisory at git.kernel.org. This vulnerability is known as CVE-2022-50240 since 09/15/2025. The exploitation appears to be easy. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 01/10/2026).

The vulnerability scanner Nessus provides a plugin with the ID 265164 (Linux Distros Unpatched Vulnerability : CVE-2022-50240), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 5.10.154 eliminates this vulnerability. Applying the patch 015ac18be7de25d17d6e5f1643cb3b60bfbe859e is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the databases at Tenable (265164) and CERT Bund (WID-SEC-2025-2053). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• Debian Linux
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• IBM QRadar SIEM
• SUSE openSUSE
• Open Source Linux Kernel
• RESF Rocky Linux
• Dell Secure Connect Gateway
• F5 F5OS

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.10.153

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion