high
7.8
CWE
416
Advisory Published
Updated

CVE-2022-49524: media: pci: cx23885: Fix the error handling in cx23885_initdev()

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __process_removed_driver+0x3c/0x240 [ 55.854486] Read of size 8 at addr ffff88810de60408 by task modprobe/590 [ 55.856822] Call Trace: [ 55.860327] __process_removed_driver+0x3c/0x240 [ 55.861347] bus_for_each_dev+0x102/0x160 [ 55.861681] i2c_del_driver+0x2f/0x50 This is because the driver has initialized the i2c related resources in cx23885_dev_setup() but not released them in error handling, fix this bug by modifying the error path that jumps after failing to call the dma_set_mask().

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel<4.14.283
Linux Kernel>=4.15<4.19.247
Linux Kernel>=4.20<5.4.198
Linux Kernel>=5.5<5.10.121
Linux Kernel>=5.11<5.15.46
Linux Kernel>=5.16<5.17.14
Linux Kernel>=5.18<5.18.3

Remedy

https://git.kernel.org/stable/c/453514a874c78df1e7804e6e3aaa60c8d8deb6a8

Remedy

https://git.kernel.org/stable/c/6041d1a0365baa729b6adfb6ed5386d9388018db

Remedy

https://git.kernel.org/stable/c/7b9978e1c94e569d65a0e7e719abb9340f5db4a0

Remedy

https://git.kernel.org/stable/c/86bd6a579c6c60547706cabf299cd2c9feab3332

Remedy

https://git.kernel.org/stable/c/98106f100f50c487469903b9cf6d966785fc9cc3

Remedy

https://git.kernel.org/stable/c/ca17e7a532d1a55466cc007b3f4d319541a27493

Remedy

https://git.kernel.org/stable/c/e8123311cf06d7dae71e8c5fe78e0510d20cd30b

Remedy

https://git.kernel.org/stable/c/fa636e9ee4442215cd9a2e079cd5a8e1fe0cb8ba

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-49524?

    CVE-2022-49524 is classified as a medium severity vulnerability affecting the Linux kernel.

  • How do I fix CVE-2022-49524?

    To mitigate CVE-2022-49524, update the Linux kernel to a version that includes the fix.

  • Which versions of the Linux kernel are affected by CVE-2022-49524?

    CVE-2022-49524 affects multiple versions of the Linux kernel, including those from 4.14.283 up to 5.18.3.

  • What type of vulnerability is CVE-2022-49524?

    CVE-2022-49524 is a use-after-free vulnerability detected in the Linux kernel's media subsystem.

  • What components of the Linux kernel does CVE-2022-49524 impact?

    CVE-2022-49524 impacts the PCI media driver related to the cx23885 device.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203