PT-2025-8441 · Linux+2 · Linux Kernel+2

Miaoqian Lin · Published 2025-02-26 · Updated 2025-04-15 · CVE-2022-49508

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A potential double free issue in the elan_input_configured() function of the Linux kernel's HID (Human Interface Device) elan driver has been resolved. The issue arises because the input resource, allocated with devm_input_allocate_device(), is freed explicitly with input_free_device(), leading to a double free. According to the documentation of devm_input_allocate_device(), managed input devices are automatically unregistered and freed when the owner device unbinds from its driver, making explicit unregistration or freeing unnecessary.

Recommendations: For the affected Linux kernel versions, consider updating to a version that includes the fix for the double free issue in the elan_input_configured() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
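
The ownership rule in the description, as a simplified userspace model (an added example, not kernel or driver code; every type and function name in it is hypothetical). The device owns a managed allocation and releases it at unbind, so an explicit release on the error path gives the same resource two releases, while leaving cleanup to the device gives one.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: all names are hypothetical, none are kernel APIs. */
struct res { int releases; };   /* counts releases instead of freeing twice */
struct dev { struct res *managed[4]; int n; };

/* Models a devm-style allocation: the owner device records the resource. */
static struct res *managed_alloc(struct dev *d)
{
    struct res *r = d->n < 4 ? calloc(1, sizeof(*r)) : NULL;
    if (r)
        d->managed[d->n++] = r;
    return r;
}

/* Models driver unbind: every managed resource is released automatically. */
static void dev_unbind(struct dev *d)
{
    while (d->n > 0)
        d->managed[--d->n]->releases++;
}

/* Models a configure callback whose setup fails; explicit_free=1 is the flawed path. */
static int configure(struct dev *d, struct res **out, int explicit_free)
{
    *out = managed_alloc(d);
    if (*out && explicit_free)
        (*out)->releases++;     /* explicit release; the device still lists it */
    return -1;                  /* constructed failure of a later setup step */
}

/* Number of releases one resource sees after a failed configure plus unbind. */
int releases_after_failure(int explicit_free)
{
    struct dev d = { {0}, 0 };
    struct res *r = NULL;
    configure(&d, &r, explicit_free);
    dev_unbind(&d);
    int n = r ? r->releases : -1;
    free(r);                    /* the model's single real free */
    return n;
}

int main(void)
{
    printf("explicit free: %d, managed only: %d\n",
           releases_after_failure(1), releases_after_failure(0));
    return 0;
}
```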

Exploit

Double Free


Weakness Enumeration

Related Identifiers

CVE-2022-49508
OESA-2025-1336
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1

Affected Products

Astra Linux
Linux Kernel
Suse