CVE-2022-50499

Summary

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-core: Fix double free in dvb_register_device()

In function dvb_register_device() -> dvb_register_media_device() -> dvb_create_media_entity(), dvb->entity is allocated and initialized. If the initialization fails, it frees the dvb->entity, and return an error code. The caller takes the error code and handles the error by calling dvb_media_device_free(), which unregisters the entity and frees the field again if it is not NULL. As dvb->entity may not NULLed in dvb_create_media_entity() when the allocation of dvbdev->pad fails, a double free may occur. This may also cause an Use After free in media_device_unregister_entity().

Fix this by storing NULL to dvb->entity when it is freed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9db28659aa893c68f162b11fd63bb7f6a713e52f < 0588b12c418c3e4f927ced11f27b02ef4a5bfb07affected
LinuxLinux1399a136127bfe1b9bb7c951d9851da62a519121 < e9a78485b658361fab6a5547377be6c1af6f1b3daffected
LinuxLinux4df2427a5148093987437054bb82da4d014dcd59 < 70bc51303871159796b55ba1a8f16637b46c2511affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < b21f62b49ee9c3e0216d685d9cfd6003e5727271affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < 7dd5a68cdbbbe7fc67ba701cb52ba10d8ba149f8affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < acf984a3718c2458eb9e08b6714490a04f213c58affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < 772892b29ac50c2c5e918fc80104aa6ede81d837affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < 123eddf92a114e03919942641d2c2b1f4ca56ea6affected
LinuxLinuxfcd5ce4b3936242e6679875a4d3c3acfc8743e15 < 6b0d0477fce747d4137aa65856318b55fba72198affected
LinuxLinux8c17f6f5d0d6aab72a2af25c9911ac66e984be06affected
LinuxLinux202be5d6e46f682b9d1d79cd4dc6ab726e62ef1caffected
LinuxLinux4.9.195 < 4.9.337affected
LinuxLinux4.14.147 < 4.14.303affected
LinuxLinux4.19.77 < 4.19.270affected
LinuxLinux5.2.19 < 5.3affected
LinuxLinux5.3.4 < 5.4affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.87 <= 5.15.*unaffected
LinuxLinux6.0.18 <= 6.0.*unaffected
LinuxLinux6.1.4 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References