CVE-2022-49524

high

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50 This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().

References

https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba

https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b

https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493

https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3

https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332

https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0

https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db

https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-02-27

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High