CVE-2022-50192

Summary

In the Linux kernel, the following vulnerability has been resolved:

spi: tegra20-slink: fix UAF in tegra_slink_remove()

After calling spi_unregister_master(), the refcount of master will be decrease to 0, and it will be freed in spi_controller_release(), the device data also will be freed, so it will lead a UAF when using 'tspi'. To fix this, get the master before unregister and put it when finish using it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux26c863418221344b1cfb8e6c11116b2b81144281 < 415b4ce61308f24583912d887772dfcbf97f1d20affected
LinuxLinux26c863418221344b1cfb8e6c11116b2b81144281 < 800c7767e05d29656713e04532823a752e57e037affected
LinuxLinux26c863418221344b1cfb8e6c11116b2b81144281 < 67f77172644260482fdafc03b6025847944701e5affected
LinuxLinux26c863418221344b1cfb8e6c11116b2b81144281 < 7e9984d183bb1e99e766c5c2b950ff21f7f7b6c0affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.61 <= 5.15.*unaffected
LinuxLinux5.18.18 <= 5.18.*unaffected
LinuxLinux5.19.2 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References