UBUNTU-CVE-2022-50274

Description

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  all | < 4.15.0-208.220 | < 5.4.0-144.161 | < 5.15.0-69.76

• ubuntu•linux-allwinner-5.19

  all

• ubuntu•linux-aws

  all | < 4.15.0-1153.166 | < 5.4.0-1097.105 | < 5.15.0-1033.37

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1033.37~20.04.1

• ubuntu•linux-aws-5.19

  all

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1097.105~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-6.5

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2092.98 | all | < 5.4.0-1099.107+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1153.166~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1162.177~14.04.1 | < 4.15.0-1162.177~16.04.1 | all | < 5.4.0-1104.110 | < 5.15.0-1035.42

• ubuntu•linux-azure-4.15

  < 4.15.0-1162.177

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1035.42~20.04.1

• ubuntu•linux-azure-5.19

  all

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1104.110~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-6.11

  all

• ubuntu•linux-azure-6.2

  all

• ubuntu•linux-azure-6.5

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  all | all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-azure-fde-5.19

  all

• ubuntu•linux-azure-fde-6.2

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2071.77 | all | < 5.4.0-1104.110+fips1

• ubuntu•linux-bluefield

  < 5.15.0-1015.17 | < 5.4.0-1059.65 | < 5.15.0-1015.17 | all

• ubuntu•linux-fips

  all | < 4.15.0-1108.119 | < 5.4.0-1073.82

• ubuntu•linux-gcp

  < 4.15.0-1147.163~16.04.1 | all | < 5.4.0-1101.110 | < 5.15.0-1031.38

• ubuntu•linux-gcp-4.15

  < 4.15.0-1147.163

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1031.38~20.04.1

• ubuntu•linux-gcp-5.19

  all

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1101.110~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.11

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-6.5

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2055.60 | all | < 5.4.0-1101.110+fips1

• ubuntu•linux-gke

  all | < 5.15.0-1030.35

• ubuntu•linux-gke-4.15

  all

Showing first 50 affected entries in server-rendered view.

References (11)

• https://ubuntu.com/security/CVE-2022-50274
• https://www.cve.org/CVERecord?id=CVE-2022-50274
• https://git.kernel.org/linus/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79
• https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79
• https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5
• https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a
• https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2
• https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd
• https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77
• https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991
• https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97