CVE-2022-50725

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the vidtv bridge dvb init() function. The issue arises from incorrect error handling, where release functions are called multiple times, leading to a use-after-free condition. Specifically, the vidtv bridge dmx() and vidtv bridge dmx( dev) init() functions clean up resources on failure, but the fail dmx( dev) section then calls release functions again, causing the use-after-free. Additionally, potential out-of-bounds access could occur in the fail fe, fail tuner probe, and fail demod probe sections due to an incorrect loop condition. The KASAN (Kernel Address Sanitizer) tool reported this issue with the following error message: 'BUG: KASAN: use-after-free in dvb dmxdev release+0x4d5/0x5d0 [dvb core]'.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.