7.8

CVE-2022-50274

media: dvbdev: adopts refcnt to avoid UAF

In the Linux kernel, the following vulnerability has been resolved:

media: dvbdev: adopts refcnt to avoid UAF

dvb_unregister_device() is known that prone to use-after-free.
That is, the cleanup from dvb_unregister_device() releases the dvb_device
even if there are pointers stored in file->private_data still refer to it.

This patch adds a reference counter into struct dvb_device and delays its
deallocation until no pointer refers to the object.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.14.303
LinuxLinux Kernel Version >= 4.15 < 4.19.270
LinuxLinux Kernel Version >= 4.20 < 5.4.229
LinuxLinux Kernel Version >= 5.5 < 5.10.163
LinuxLinux Kernel Version >= 5.11 < 5.15.86
LinuxLinux Kernel Version >= 5.16 < 6.0.16
LinuxLinux Kernel Version >= 6.1 < 6.1.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.046
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97
Patch
https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5
Patch
https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2
Patch
https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a
Patch
https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd
Patch
https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991
Patch
https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77
Patch
https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79
Patch