CVE-2022-50499

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s dvb-core component within the dvb register device() function. Specifically, a double free issue can occur during the initialization process of dvb->entity in dvb register media device() and dvb create media entity(). If initialization fails, the dvb->entity is freed, and subsequent calls to dvb media device free() may attempt to free it again, leading to a double free. This can also result in a Use After Free condition in media device unregister entity(). The issue arises because dvb->entity may not be set to NULL in dvb create media entity() when allocation of dvbdev->pad fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.