CVE-2022-50616

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free (UAF) issue between the regulator and multi-function device (mfd) subsystems. This occurs because the regulator core allocates init data resources to the parent device instead of the child device during device tree (DT) lookup. The issue arises when the parent device is released while the regulator core is still operating on the init data, leading to a UAF condition. The root cause is the passing of the parent device as a parameter during the DT lookup process. This can occur when using mfd core to create child devices for regulators.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.