Description

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module); The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

INFO

Published Date :

2025-06-18T11:00:14.694Z

Last Modified :

2025-06-18T11:00:14.694Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-49951 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49951.

URL Resource
https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a cve-icon cve-icon
https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025061810-CVE-2022-49951-bc9b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-49951 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-49951 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact