Description

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io(). This patch needs rework to apply to kernels older than v5.15.

INFO

Published Date :

2025-02-26T02:24:28.224Z

Last Modified :

2026-01-19T12:17:41.156Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49711 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49711.

URL Resource
https://git.kernel.org/stable/c/161b68b0a728377aaa10a8e14c70e7734f3c9ff7 cve-icon cve-icon
https://git.kernel.org/stable/c/720ab105df7bf3eee62d2bddd41526b29d07d045 cve-icon cve-icon
https://git.kernel.org/stable/c/928ea98252ad75118950941683893cf904541da9 cve-icon cve-icon
https://git.kernel.org/stable/c/ccd1751092341ac120a961835211f9f2e3735963 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025022631-CVE-2022-49711-3cab@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49711 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49711 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact