7.8
CVE-2022-50274
- EPSS 0.15%
- Veröffentlicht 15.09.2025 14:21:10
- Zuletzt bearbeitet 03.12.2025 18:21:27
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
media: dvbdev: adopts refcnt to avoid UAF
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 4.14.303
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.270
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.229
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.163
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.86
Linux ≫ Linux Kernel Version >= 5.16 < 6.0.16
Linux ≫ Linux Kernel Version >= 6.1 < 6.1.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.046 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97
https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5
https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2
https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a
https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd
https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991
https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77
https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79