CVE-2022-49524

HIGH EPSS 15.8%
Published Feb 26, 20251y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50 This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
15.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel* <4.14.283
linuxlinux_kernel*≥4.15  –  <4.19.247
linuxlinux_kernel*≥4.20  –  <5.4.198
linuxlinux_kernel*≥5.5  –  <5.10.121
linuxlinux_kernel*≥5.11  –  <5.15.46
linuxlinux_kernel*≥5.16  –  <5.17.14
linuxlinux_kernel*≥5.18  –  <5.18.3

References 8

  • git.kernel.org https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba
    Patch