CVE-2022-49951

Summary

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Fix use-after-free during unregister

In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests.

device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module);

The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux97730bbb242cde22b7140acd202ffd88823886c9 < d380d40930a674c520a5b55f3be1eb17dc634ebcaffected
LinuxLinux97730bbb242cde22b7140acd202ffd88823886c9 < 8b40c38e37492b5bdf8e95b46b5cca9517a9957aaffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References