CVE-2022-50642

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_ec_typec: zero out stale pointers

cros_typec_get_switch_handles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in port become stale. The stale pointers eventually cause use-after-free or double free in later code paths. Zeroing out all pointer fields after freeing to eliminate these stale pointers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf28adb41dab4a2795fd959750df57adffd2bb0be < 0ceadb5a3e45f1b81cf54bd496b40a5e50b6bd40affected
LinuxLinuxf28adb41dab4a2795fd959750df57adffd2bb0be < b610758bb3e0674644c1255cdafc2f46b7e05ff9affected
LinuxLinuxf28adb41dab4a2795fd959750df57adffd2bb0be < 6613f36a2fa5c69e528bccba8b3d831f759dad2faffected
LinuxLinuxf28adb41dab4a2795fd959750df57adffd2bb0be < 9a8aadcf0b459c1257b9477fd6402e1d5952ae07affected
LinuxLinux5.9affected
LinuxLinux0 < 5.9unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References