CVE-2022-49951

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been identified in the Linux kernel's firmware loader. The problem occurs during the unregister process, where the device unregister() call could result in the dev release function freeing the fw upload priv structure before it is dereferenced for the module put() call. This issue was discovered by the kernel test robot using CONFIG KASAN while running firmware selftests. The vulnerable code is located within firmware upload unregister(), specifically in the calls to device unregister(&fw sysfs->dev) and module put(fw upload priv->module).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.