7.8

CVE-2022-49524

media: pci: cx23885: Fix the error handling in cx23885_initdev()

In the Linux kernel, the following vulnerability has been resolved:

media: pci: cx23885: Fix the error handling in cx23885_initdev()

When the driver fails to call the dma_set_mask(), the driver will get
the following splat:

[   55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240
[   55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590
[   55.856822] Call Trace:
[   55.860327]  __process_removed_driver+0x3c/0x240
[   55.861347]  bus_for_each_dev+0x102/0x160
[   55.861681]  i2c_del_driver+0x2f/0x50

This is because the driver has initialized the i2c related resources
in cx23885_dev_setup() but not released them in error handling, fix this
bug by modifying the error path that jumps after failing to call the
dma_set_mask().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.14.283
LinuxLinux Kernel Version >= 4.15 < 4.19.247
LinuxLinux Kernel Version >= 4.20 < 5.4.198
LinuxLinux Kernel Version >= 5.5 < 5.10.121
LinuxLinux Kernel Version >= 5.11 < 5.15.46
LinuxLinux Kernel Version >= 5.16 < 5.17.14
LinuxLinux Kernel Version >= 5.18 < 5.18.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.165
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
Patch
https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db
Patch
https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0
Patch
https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332
Patch
https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3
Patch
https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493
Patch
https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b
Patch
https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba
Patch