7.8

CVE-2022-49724

tty: goldfish: Fix free_irq() on remove

In the Linux kernel, the following vulnerability has been resolved:

tty: goldfish: Fix free_irq() on remove

Pass the correct dev_id to free_irq() to fix this splat when the driver
is unbound:

 WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
 Trying to free already-free IRQ 65
 Call Trace:
  warn_slowpath_fmt
  free_irq
  goldfish_tty_remove
  platform_remove
  device_remove
  device_release_driver_internal
  device_driver_detach
  unbind_store
  drv_attr_store
  ...
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.6 < 4.14.285
LinuxLinux Kernel Version >= 4.15 < 4.19.249
LinuxLinux Kernel Version >= 4.20 < 5.4.200
LinuxLinux Kernel Version >= 5.5 < 5.10.124
LinuxLinux Kernel Version >= 5.11 < 5.15.49
LinuxLinux Kernel Version >= 5.16 < 5.18.6
LinuxLinux Kernel Version5.19 Updaterc1
LinuxLinux Kernel Version5.19 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.173
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/499e13aac6c762e1e828172b0f0f5275651d6512
Patch
https://git.kernel.org/stable/c/65ca4db68b6819244df9024aea4be55edf8af1ef
Patch
https://git.kernel.org/stable/c/a6fcd7ffd76a9c1d998a2d02d518c78a55c5bed8
Patch
https://git.kernel.org/stable/c/c4b0b8edccb0cfb15a8cecf4161e0571d3daac64
Patch
https://git.kernel.org/stable/c/c83a1d40dc624070a203eb383ef9fb60eb634136
Patch
https://git.kernel.org/stable/c/f7183c76d500324b8b5bd0af5e663cfa57b7b836
Patch
https://git.kernel.org/stable/c/fb15e79cacddfbc62264e6e807bde50ad688e988
Patch