CVE-2022-49951 Information

Jun 19, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

firmware_loader: Fix use-after-free during unregister

In the following code within firmware_upload_unregister() the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests.

device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module);

The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

Reference

https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc

CNNVD-202506-2238 (Published: 2025-06-18)

Share on: