-
CVE-2022-50725
- EPSS 0.03%
- Veröffentlicht 24.12.2025 12:22:46
- Zuletzt bearbeitet 29.12.2025 15:58:34
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] Call Trace: ... dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] vidtv_bridge_probe+0x7bf/0xa40 [dvb_vidtv_bridge] platform_probe+0xb6/0x170 ... Allocated by task 1238: ... dvb_register_device+0x1a7/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... Freed by task 1238: dvb_register_device+0x6d2/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... It is because the error handling in vidtv_bridge_dvb_init() is wrong. First, vidtv_bridge_dmx(dev)_init() will clean themselves when fail, but goto fail_dmx(_dev): calls release functions again, which causes use-after-free. Also, in fail_fe, fail_tuner_probe and fail_demod_probe, j = i will cause out-of-bound when i finished its loop (i == NUM_FE). And the loop releasing is wrong, although now NUM_FE is 1 so it won't cause problem. Fix this by correctly releasing everything.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
0369af6fe33d4053899b121b32e91f870b2cf0ae
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Status
affected
Version <
c290aa527fd832d278c6388a3ba53a9890fbd74a
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Status
affected
Version <
06398ce69571a43a8a0dd0f1bfe35d221f726a6a
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Status
affected
Version <
8a204a0b4a0d105229735222c515759ea2b126c1
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Status
affected
Version <
ba8d9405935097e296bcf7a942c3a01df0edb865
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.10
Status
affected
Version <
5.10
Version
0
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.065 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|