CVE-2022-49508
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will be a double free. According to the doc of devm_input_allocate_device(): * Managed input devices do not need to be explicitly unregistered or * freed as it will be done automatically when owner device unbinds from * its driver (or binding fails).
Security Summary
CVE-2022-49508 is a vulnerability in the Linux kernel's HID Elan driver, specifically within the elan_input_configured function. The issue arises because the 'input' resource is allocated using devm_input_allocate_device(), a managed allocation that is automatically freed when the owner device unbinds or binding fails. However, the code explicitly calls input_free_device(), leading to a potential double free, classified under CWE-415.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It can be exploited by a local attacker with low privileges, requiring low complexity and no user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability.
Mitigation requires applying upstream patches from Linux kernel stable branches, as detailed in the referenced commits: https://git.kernel.org/stable/c/1af20714fedad238362571620be0bd690ded05b6, https://git.kernel.org/stable/c/24f9dfdaece9bd75bb8dbfdba83eddeefdf7dc47, https://git.kernel.org/stable/c/5291451851feeb66fd4bf0826710f482f3b1ab38, https://git.kernel.org/stable/c/6d0726725c7c560495f5ff364862a2cefea542e3, and https://git.kernel.org/stable/c/8bb1716507ebf12d50bbf181764481de3b6bc7fd. These patches remove the explicit input_free_device() call to prevent the double free.
Details
- CWE(s)