CVE-2022-49951

HIGH

Linux Kernel 5.19-5.19.8 - Use-After-Free in Firmware Loader

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module); The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc

Patch

https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a

Scores

CVSS v3 7.8

EPSS 0.0021

EPSS Percentile 10.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (9)

linux/Kernel 5.19.0 - 5.19.8linux

Linux/Linux < 5.19

Linux/Linux 5.19

Linux/Linux 5.19.8 - 5.19.*

Linux/Linux 6.0

Linux/Linux 97730bbb242cde22b7140acd202ffd88823886c9 - 8b40c38e37492b5bdf8e95b46b5cca9517a9957a

Linux/Linux 97730bbb242cde22b7140acd202ffd88823886c9 - d380d40930a674c520a5b55f3be1eb17dc634ebc

linux/linux_kernel 6.0 rc1 (3 CPE variants)

linux/linux_kernel 5.19 - 5.19.8

Published Jun 18, 2025

Tracked Since Feb 18, 2026