PT-2025-8442 · Linux+3 · Linux Kernel+3
Published: 2022-01-01 · Updated: 2026-03-14 · CVE-2022-49509
CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.15.5-00057-gaebcd29c8ed7-dirty
Description
A vulnerability that caused a kernel oops when removing the max9286 module has been resolved in the Linux kernel. The issue occurred because the I2C client data no longer pointed to max9286_priv but to the v4l2_subdev. This change happens in max9286_init(), which calls v4l2_i2c_subdev_init() later on. The error resulted in a kernel paging request at a virtual address that could not be handled, leading to a level 0 translation fault.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the max9286_remove() function and the necessary changes to max9286_init() and max9286_probe(). As a temporary workaround, avoid removing the max9286 module until a patch is available.
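The pointer mix-up described above, modelled in userspace C as an added example (not the kernel's code and not the upstream patch). The struct layouts, model_probe() and the remove_lookup_*() helpers are constructed for illustration, and the container_of() lookup is an assumed form of the fix.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel types; layouts are constructed. */
struct i2c_client { void *clientdata; };
struct v4l2_subdev { const char *name; };
struct max9286_priv {
    struct i2c_client *client;
    struct v4l2_subdev sd;          /* embedded, not at offset 0 */
};
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void i2c_set_clientdata(struct i2c_client *c, void *d) { c->clientdata = d; }
static void *i2c_get_clientdata(const struct i2c_client *c) { return c->clientdata; }

/* Like the kernel helper, stores the subdev as the I2C client data. */
static void v4l2_i2c_subdev_init(struct v4l2_subdev *sd, struct i2c_client *c)
{
    sd->name = "max9286";
    i2c_set_clientdata(c, sd);
}

/* probe() stores priv; the later init() call replaces it with &priv->sd. */
static void model_probe(struct i2c_client *c, struct max9286_priv *priv)
{
    priv->client = c;
    i2c_set_clientdata(c, priv);
    v4l2_i2c_subdev_init(&priv->sd, c);
}

/* Pre-fix remove(): treats the client data as priv (wrong object). */
static struct max9286_priv *remove_lookup_buggy(struct i2c_client *c)
{
    return i2c_get_clientdata(c);
}

/* Assumed corrected lookup: step back from the subdev to its container. */
static struct max9286_priv *remove_lookup_fixed(struct i2c_client *c)
{
    struct v4l2_subdev *sd = i2c_get_clientdata(c);
    return container_of(sd, struct max9286_priv, sd);
}

int main(void)
{
    struct i2c_client c;
    struct max9286_priv p;
    model_probe(&c, &p);
    printf("buggy ok: %d, fixed ok: %d\n",
           remove_lookup_buggy(&c) == &p, remove_lookup_fixed(&c) == &p);
    return 0;
}
```

The buggy lookup returns the address of the embedded subdev, so any priv field read through it lands at the wrong offset, which is the condition behind the oops on module removal.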
Exploit
Fix
Exposure of Resource to Wrong Sphere
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel
Suse