CVE-2022-49711 Information

Mar 01, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()

In fsl_mc_bus_remove() mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io().

This patch needs rework to apply to kernels older than v5.15.

Reference

https://git.kernel.org/stable/c/161b68b0a728377aaa10a8e14c70e7734f3c9ff7 https://git.kernel.org/stable/c/928ea98252ad75118950941683893cf904541da9 https://git.kernel.org/stable/c/ccd1751092341ac120a961835211f9f2e3735963

Share on: