vulnerability

Red Hat: CVE-2022-50421: kernel: rpmsg: char: Avoid double destroy of default endpoint (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:M/Au:M/C:N/I:C/A:C)	Oct 1, 2025	Nov 14, 2025	Dec 12, 2025

Severity

CVSS

(AV:L/AC:M/Au:M/C:N/I:C/A:C)

Published

Oct 1, 2025

Added

Nov 14, 2025

Modified

Dec 12, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

rpmsg: char: Avoid double destroy of default endpoint

The rpmsg_dev_remove() in rpmsg_core is the place for releasing
this default endpoint.

So need to avoid destroying the default endpoint in
rpmsg_chrdev_eptdev_destroy(), this should be the same as
rpmsg_eptdev_release(). Otherwise there will be double destroy
issue that ept->refcount report warning:

refcount_t: underflow; use-after-free.

Call trace:
refcount_warn_saturate+0xf8/0x150
virtio_rpmsg_destroy_ept+0xd4/0xec
rpmsg_dev_remove+0x60/0x70

The issue can be reproduced by stopping remoteproc before
closing the /dev/rpmsgX.

Solutions

redhat-upgrade-kernelredhat-upgrade-kernel-rt

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today