-
CVE-2022-50725
- EPSS 0.04%
- Veröffentlicht 24.12.2025 12:22:46
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() KASAN reports a use-after-free: BUG: KASAN: use-after-free in dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] Call Trace: ... dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core] vidtv_bridge_probe+0x7bf/0xa40 [dvb_vidtv_bridge] platform_probe+0xb6/0x170 ... Allocated by task 1238: ... dvb_register_device+0x1a7/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... Freed by task 1238: dvb_register_device+0x6d2/0xa70 [dvb_core] dvb_dmxdev_init+0x2af/0x4a0 [dvb_core] vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge] ... It is because the error handling in vidtv_bridge_dvb_init() is wrong. First, vidtv_bridge_dmx(dev)_init() will clean themselves when fail, but goto fail_dmx(_dev): calls release functions again, which causes use-after-free. Also, in fail_fe, fail_tuner_probe and fail_demod_probe, j = i will cause out-of-bound when i finished its loop (i == NUM_FE). And the loop releasing is wrong, although now NUM_FE is 1 so it won't cause problem. Fix this by correctly releasing everything.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Version <
0369af6fe33d4053899b121b32e91f870b2cf0ae
Status
affected
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Version <
c290aa527fd832d278c6388a3ba53a9890fbd74a
Status
affected
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Version <
06398ce69571a43a8a0dd0f1bfe35d221f726a6a
Status
affected
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Version <
8a204a0b4a0d105229735222c515759ea2b126c1
Status
affected
Version
f90cf6079bf67988f8b1ad1ade70fc89d0080905
Version <
ba8d9405935097e296bcf7a942c3a01df0edb865
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.10
Status
affected
Version
0
Version <
5.10
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|