ghsa-q2r6-4p8p-594q
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
media: pci: cx23885: Fix the error handling in cx23885_initdev()
When the driver fails to call the dma_set_mask(), the driver will get the following splat:
[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50
This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().
{
"affected": [],
"aliases": [
"CVE-2022-49524"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:28Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: cx23885: Fix the error handling in cx23885_initdev()\n\nWhen the driver fails to call the dma_set_mask(), the driver will get\nthe following splat:\n\n[ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240\n[ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590\n[ 55.856822] Call Trace:\n[ 55.860327] __process_removed_driver+0x3c/0x240\n[ 55.861347] bus_for_each_dev+0x102/0x160\n[ 55.861681] i2c_del_driver+0x2f/0x50\n\nThis is because the driver has initialized the i2c related resources\nin cx23885_dev_setup() but not released them in error handling, fix this\nbug by modifying the error path that jumps after failing to call the\ndma_set_mask().",
"id": "GHSA-q2r6-4p8p-594q",
"modified": "2025-02-27T21:32:14Z",
"published": "2025-02-27T21:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49524"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.