CVE-2022-50840
Published Dec 30, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in snic_tgt_create(), tgt will be freed, but tgt->list will not be removed from snic->disc.tgt_list, then list traversal may cause UAF. Remove from snic->disc.tgt_list before free().
Is your site exposed to CVE-2022-50840?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/1895e908b3ae66a5312fd1b2cdda2da82993dca7
https://git.kernel.org/stable/c/3007f96ca20c848d0b1b052df6d2cb5ae5586e78
https://git.kernel.org/stable/c/3772319e40527e6a5f2ec1d729e01f271d818f5c
https://git.kernel.org/stable/c/4141cd9e8b3379aea52a85d2c35f6eaf26d14e86
https://git.kernel.org/stable/c/6866154c23fba40888ad6d554cccd4bf2edb755e
https://git.kernel.org/stable/c/ad27f74e901fc48729733c88818e6b96c813057d
https://git.kernel.org/stable/c/c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc
https://git.kernel.org/stable/c/e118df492320176af94deec000ae034cc92be754
https://git.kernel.org/stable/c/f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff
Frequently Asked Questions
What is CVE-2022-50840? +
In the Linux kernel, the following vulnerability has been resolved:
scsi: snic: Fix possible UAF in snic_tgt_create()
Smatch reports a warning as follows:
drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:
'&tgt->list' not removed from list
If device_add() fails in snic_tgt_create(), tgt will be freed, but
tgt->list will not be removed from snic->disc.tgt_list, then list traversal
may cause UAF.
Remove from snic->disc.tgt_list before free().
How do I check if I'm vulnerable to CVE-2022-50840? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.