CVE-2022-41218: Use After Free

First published: Wed Aug 31 2022(Updated: )

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<0:4.18.0-477.10.1.rt7.274.el8_8	0:4.18.0-477.10.1.rt7.274.el8_8
redhat/kernel	<0:4.18.0-477.10.1.el8_8	0:4.18.0-477.10.1.el8_8
Linux Linux kernel	<=5.19.10
Debian Debian Linux	=11.0
ubuntu/linux	<4.15.0-208.220	4.15.0-208.220
ubuntu/linux	<5.4.0-144.161	5.4.0-144.161
ubuntu/linux	<5.15.0-69.76	5.15.0-69.76
ubuntu/linux	<5.19.0-40.41	5.19.0-40.41
ubuntu/linux	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux	<4.4.0-239.273	4.4.0-239.273
ubuntu/linux-aws	<4.15.0-1153.166	4.15.0-1153.166
ubuntu/linux-aws	<5.4.0-1097.105	5.4.0-1097.105
ubuntu/linux-aws	<5.15.0-1033.37	5.15.0-1033.37
ubuntu/linux-aws	<5.19.0-1023.24	5.19.0-1023.24
ubuntu/linux-aws	<4.4.0-1117.123	4.4.0-1117.123
ubuntu/linux-aws	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws	<4.4.0-1155.170	4.4.0-1155.170
ubuntu/linux-aws-5.0	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-5.15	<5.15.0-1033.37~20.04.1	5.15.0-1033.37~20.04.1
ubuntu/linux-aws-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-5.4	<5.4.0-1097.105~18.04.1	5.4.0-1097.105~18.04.1
ubuntu/linux-aws-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-fips	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-hwe	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-aws-hwe	<4.15.0-1153.166~16.04.1	4.15.0-1153.166~16.04.1
ubuntu/linux-azure	<5.4.0-1104.110	5.4.0-1104.110
ubuntu/linux-azure	<5.15.0-1035.42	5.15.0-1035.42
ubuntu/linux-azure	<5.19.0-1023.24	5.19.0-1023.24
ubuntu/linux-azure	<4.15.0-1162.177~14.04.1	4.15.0-1162.177~14.04.1
ubuntu/linux-azure	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure	<4.15.0-1162.177~16.04.1	4.15.0-1162.177~16.04.1
ubuntu/linux-azure-4.15	<4.15.0-1162.177	4.15.0-1162.177
ubuntu/linux-azure-4.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-5.15	<5.15.0-1035.42~20.04.1	5.15.0-1035.42~20.04.1
ubuntu/linux-azure-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-5.19	<5.19.0-1023.24~22.04.1	5.19.0-1023.24~22.04.1
ubuntu/linux-azure-5.4	<5.4.0-1104.110~18.04.1	5.4.0-1104.110~18.04.1
ubuntu/linux-azure-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-edge	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-fde	<5.4.0-1104.110	5.4.0-1104.110
ubuntu/linux-azure-fde	<5.15.0-1035.42.1	5.15.0-1035.42.1
ubuntu/linux-azure-fde	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-fde-5.15	<5.15.0-1035.42~20.04.1.1	5.15.0-1035.42~20.04.1.1
ubuntu/linux-azure-fde-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-azure-fips	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-bluefield	<5.4.0-1059.65	5.4.0-1059.65
ubuntu/linux-bluefield	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-dell300x	<4.15.0-1062.67	4.15.0-1062.67
ubuntu/linux-dell300x	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-fips	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp	<5.4.0-1101.110	5.4.0-1101.110
ubuntu/linux-gcp	<5.15.0-1031.38	5.15.0-1031.38
ubuntu/linux-gcp	<5.19.0-1020.22	5.19.0-1020.22
ubuntu/linux-gcp	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp	<4.15.0-1147.163~16.04.1	4.15.0-1147.163~16.04.1
ubuntu/linux-gcp-4.15	<4.15.0-1147.163	4.15.0-1147.163
ubuntu/linux-gcp-4.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp-5.15	<5.15.0-1031.38~20.04.1	5.15.0-1031.38~20.04.1
ubuntu/linux-gcp-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp-5.4	<5.4.0-1101.110~18.04.1	5.4.0-1101.110~18.04.1
ubuntu/linux-gcp-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gcp-fips	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gke	<5.4.0-1095.102	5.4.0-1095.102
ubuntu/linux-gke	<5.15.0-1030.35	5.15.0-1030.35
ubuntu/linux-gke	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gke-4.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gke-5.0	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gke-5.15	<5.15.0-1029.34~20.04.1	5.15.0-1029.34~20.04.1
ubuntu/linux-gke-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gke-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gkeop	<5.4.0-1065.69	5.4.0-1065.69
ubuntu/linux-gkeop	<5.15.0-1017.22	5.15.0-1017.22
ubuntu/linux-gkeop	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gkeop-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-gkeop-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-hwe	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-hwe	<4.15.0-208.219~16.04.1	4.15.0-208.219~16.04.1
ubuntu/linux-hwe-5.15	<5.15.0-69.76~20.04.1	5.15.0-69.76~20.04.1
ubuntu/linux-hwe-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-hwe-5.19	<5.19.0-40.41~22.04.1	5.19.0-40.41~22.04.1
ubuntu/linux-hwe-5.4	<5.4.0-144.161~18.04.1	5.4.0-144.161~18.04.1
ubuntu/linux-hwe-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-hwe-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-hwe-edge	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-ibm	<5.4.0-1045.50	5.4.0-1045.50
ubuntu/linux-ibm	<5.15.0-1027.30	5.15.0-1027.30
ubuntu/linux-ibm	<5.19.0-1020.22	5.19.0-1020.22
ubuntu/linux-ibm	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-ibm-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-ibm-5.4	<5.4.0-1045.50~18.04.1	5.4.0-1045.50~18.04.1
ubuntu/linux-ibm-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-intel	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-intel-5.13	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-intel-iotg	<5.15.0-1027.32	5.15.0-1027.32
ubuntu/linux-intel-iotg	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-intel-iotg-5.15	<5.15.0-1027.32~20.04.1	5.15.0-1027.32~20.04.1
ubuntu/linux-intel-iotg-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-iot	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-kvm	<4.15.0-1137.142	4.15.0-1137.142
ubuntu/linux-kvm	<5.4.0-1087.93	5.4.0-1087.93
ubuntu/linux-kvm	<5.15.0-1030.35	5.15.0-1030.35
ubuntu/linux-kvm	<5.19.0-1021.22	5.19.0-1021.22
ubuntu/linux-kvm	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-kvm	<4.4.0-1118.128	4.4.0-1118.128
ubuntu/linux-laptop	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-lowlatency	<5.15.0-69.76	5.15.0-69.76
ubuntu/linux-lowlatency	<5.19.0-1022.23	5.19.0-1022.23
ubuntu/linux-lowlatency	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-lowlatency-hwe-5.15	<5.15.0-69.76~20.04.1	5.15.0-69.76~20.04.1
ubuntu/linux-lowlatency-hwe-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-lowlatency-hwe-5.19	<5.19.0-1022.23~22.04.1	5.19.0-1022.23~22.04.1
ubuntu/linux-lowlatency-hwe-5.19	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-lowlatency-hwe-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-lts-xenial	<4.4.0-239.273~14.04.1	4.4.0-239.273~14.04.1
ubuntu/linux-lts-xenial	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-nvidia	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-nvidia-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-5.10	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-5.14	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-5.17	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-5.6	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-6.0	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-6.1	<6.1.0-1007.7	6.1.0-1007.7
ubuntu/linux-oem-6.1	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-6.8	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oem-osp1	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle	<4.15.0-1116.127	4.15.0-1116.127
ubuntu/linux-oracle	<5.4.0-1094.103	5.4.0-1094.103
ubuntu/linux-oracle	<5.15.0-1032.38	5.15.0-1032.38
ubuntu/linux-oracle	<5.19.0-1020.23	5.19.0-1020.23
ubuntu/linux-oracle	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle	<4.15.0-1116.127~16.04.1	4.15.0-1116.127~16.04.1
ubuntu/linux-oracle-5.0	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle-5.13	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle-5.15	<5.15.0-1032.38~20.04.1	5.15.0-1032.38~20.04.1
ubuntu/linux-oracle-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle-5.4	<5.4.0-1094.103~18.04.1	5.4.0-1094.103~18.04.1
ubuntu/linux-oracle-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-oracle-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-raspi	<5.4.0-1081.92	5.4.0-1081.92
ubuntu/linux-raspi	<5.15.0-1026.28	5.15.0-1026.28
ubuntu/linux-raspi	<5.19.0-1016.23	5.19.0-1016.23
ubuntu/linux-raspi	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-raspi-5.4	<5.4.0-1081.92~18.04.1	5.4.0-1081.92~18.04.1
ubuntu/linux-raspi-5.4	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-raspi2	<4.15.0-1129.137	4.15.0-1129.137
ubuntu/linux-raspi2	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-riscv	<5.19.0-1016.17	5.19.0-1016.17
ubuntu/linux-riscv	<6.2.0-19.19.1	6.2.0-19.19.1
ubuntu/linux-riscv	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-riscv-5.15	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-riscv-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-snapdragon	<4.15.0-1148.158	4.15.0-1148.158
ubuntu/linux-snapdragon	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-starfive	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-starfive-6.5	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
ubuntu/linux-xilinx-zynqmp	<6.2~<5.4.229<5.15.87	6.2~ 5.4.229 5.15.87
debian/linux		5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.10-1 6.9.12-1

Remedy

https://lore.kernel.org/all/20220908132754.30532-1-tiwai@suse.de/

Remedy

To mitigate this issue, prevent the module dvb-core from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.

Remedy

https://git.kernel.org/linus/57861b432bda77f8bfafda2fb6f5a922d5f3aef1

Remedy

https://git.kernel.org/linus/fd3d91ab1c6ab0628fe642dd570b56302c30a792

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

collector/launchpad-cve
collector/redhat-cve
collector/nvd-index
agent/type
agent/first-publish-date
agent/weakness
agent/remedy
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-41218
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-cve
agent/author
agent/last-modified-date
agent/references
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
collector/usn-cve
source/Ubuntu
package-manager/redhat
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/5.19.10
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
package-manager/debian
package-manager/ubuntu

CVE-2022-41218: Use After Free

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact