CVE-2022-49524

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50 This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().

The following products are affected by CVE-2022-49524 vulnerability.

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49524.

URL	Resource
https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8
https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db
https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0
https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332
https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3
https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493
https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b
https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba
https://lore.kernel.org/linux-cve-announce/2025022611-CVE-2022-49524-74f0@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49524
https://www.cve.org/CVERecord?id=CVE-2022-49524