THREATINT
PUBLISHED

CVE-2022-49951

firmware_loader: Fix use-after-free during unregister



Description

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Fix use-after-free during unregister

In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests.

    device_unregister(&fw_sysfs->dev);
    module_put(fw_upload_priv->module);

The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().
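The ordering problem described above, as an added userspace model (not the kernel's code and not part of the original record): the structs and helpers are simplified stand-ins that reuse the kernel's names, and unregister_model(), run_unregister(), releases and the PRE_FIX switch are hypothetical names introduced here.

```c
/* Userspace model: simplified stand-ins that reuse the kernel's names. */
#include <stdlib.h>

struct module { int refcnt; };
struct fw_upload_priv { struct module *module; };
struct device { int refcnt; void (*release)(struct device *); };
struct fw_sysfs { struct device dev; struct fw_upload_priv *fw_upload_priv; };
static int releases;                       /* counts dev_release() calls */

static void module_put(struct module *m) { m->refcnt--; }

/* Runs when the last device reference is dropped; frees priv and fw_sysfs. */
static void dev_release(struct device *dev)
{
    struct fw_sysfs *s = (struct fw_sysfs *)dev;  /* dev is the first member */
    free(s->fw_upload_priv);
    free(s);
    releases++;
}

static void device_unregister(struct device *dev) { if (--dev->refcnt == 0) dev->release(dev); }

static void unregister_model(struct fw_sysfs *s)
{
    struct fw_upload_priv *priv = s->fw_upload_priv;
    struct module *module = priv->module;  /* the fix: copy before release */
    device_unregister(&s->dev);            /* may free priv and s */
#ifdef PRE_FIX
    module_put(priv->module);              /* pre-fix order: reads freed priv */
#else
    module_put(module);                    /* fixed order: uses the local copy */
#endif
}

/* Constructed scenario: returns the module refcount left after unregister. */
int run_unregister(void)
{
    struct module mod = { 1 };             /* one reference held by the device */
    struct fw_sysfs *s = calloc(1, sizeof(*s));
    struct fw_upload_priv *priv = calloc(1, sizeof(*priv));
    if (!s || !priv) { free(s); free(priv); return -1; }
    priv->module = &mod;
    s->fw_upload_priv = priv;
    s->dev = (struct device){ 1, dev_release };
    unregister_model(s);
    return mod.refcnt;
}

int main(void) { return run_unregister() == 0 ? 0 : 1; }
```

Building this model with -DPRE_FIX -fsanitize=address makes AddressSanitizer report the heap-use-after-free at the module_put() line, the userspace counterpart of the CONFIG_KASAN report mentioned in the description.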

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status: unaffected

97730bbb242cde22b7140acd202ffd88823886c9 before d380d40930a674c520a5b55f3be1eb17dc634ebc | affected
97730bbb242cde22b7140acd202ffd88823886c9 before 8b40c38e37492b5bdf8e95b46b5cca9517a9957a | affected

Default status: affected

5.19 | affected
Any version before 5.19 | unaffected
5.19.8 | unaffected
6.0 | unaffected

References

git.kernel.org/...c/d380d40930a674c520a5b55f3be1eb17dc634ebc

git.kernel.org/...c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a

cve.org (CVE-2022-49951)

nvd.nist.gov (CVE-2022-49951)
