PT-2025-8457 · Linux+2 · Linux Kernel+2

Zheyu Ma · Published 2022-04-24 · Updated 2025-04-16 · CVE-2022-49524

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free bug has been identified in the cx23885 driver of the Linux kernel. It arises when the driver's call to dma_set_mask() fails: the driver has already initialized i2c-related resources in cx23885_dev_setup(), but it does not release them during error handling. The error shows up in the kernel log as a BUG: KASAN: use-after-free message.

Recommendations

To resolve this issue, modify the error path in the cx23885 driver so that it releases the i2c-related resources after the call to dma_set_mask() fails. As a temporary workaround, consider disabling the cx23885_initdev() function until a patch is available. Restrict access to the vulnerable cx23885 driver to minimize the risk of exploitation.
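
The error-path flaw described above, as an added userspace model that is not the cx23885 driver's code or the upstream patch: a probe routine registers a resource, a later step fails, and the device is freed with or without unregistering first. Every model_* name and the four-slot registry are assumptions made for illustration.

```c
/* Userspace model; every model_* name is hypothetical, not driver code. */
#include <stdlib.h>
#include <string.h>

struct model_dev { int id; };

/* Stands in for a core-owned list (e.g. registered i2c adapters) that
 * keeps pointers into the device until they are unregistered. */
static struct { int used; struct model_dev *owner; } registry[4];

static int model_register(struct model_dev *dev) {
    for (size_t i = 0; i < 4; i++)
        if (!registry[i].used) {
            registry[i].used = 1;
            registry[i].owner = dev;
            return 0;
        }
    return -1;
}

static void model_unregister(struct model_dev *dev) {
    for (size_t i = 0; i < 4; i++)
        if (registry[i].used && registry[i].owner == dev)
            registry[i].used = 0;
}

/* Entries still registered; after a failed probe each one is dangling. */
static int model_entries(void) {
    int n = 0;
    for (size_t i = 0; i < 4; i++) n += registry[i].used;
    return n;
}

static void model_reset(void) { memset(registry, 0, sizeof(registry)); }

/* Probe model: dma_ok == 0 simulates the DMA mask call failing.
 * fixed == 0 reproduces the flawed error path, fixed == 1 the unwind. */
static int model_initdev(int dma_ok, int fixed) {
    struct model_dev *dev = calloc(1, sizeof(*dev));
    if (!dev) return -1;
    if (model_register(dev) < 0) goto fail_free;
    if (!dma_ok) {
        if (fixed) goto fail_unregister;
        goto fail_free;          /* flaw: registry still references dev */
    }
    return 0;                    /* success: dev stays registered */
fail_unregister:
    model_unregister(dev);
fail_free:
    free(dev);
    return -1;
}
```

A non-zero model_entries() after a failed probe is the condition that later surfaces as a use-after-free when the owning subsystem walks its list.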

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2025-04424
CVE-2022-49524
OPENSUSE-SU-2025_1263-1
SUSE-SU-2025:1027-1
SUSE-SU-2025:1176-1
SUSE-SU-2025:1183-1
SUSE-SU-2025:1194-1
SUSE-SU-2025:1241-1
SUSE-SU-2025:1263-1
SUSE-SU-2025:1293-1
SUSE-SU-2025_1027-1
SUSE-SU-2025_1241-1
SUSE-SU-2025_1263-1
SUSE-SU-2025_1293-1

Affected Products

Astra Linux
Linux Kernel
Suse