CVE-2022-49711
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove(). In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(), so the reference to mc->root_mc_bus_dev->mc_io triggers a KASAN use-after-free report. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass it to fsl_destroy_mc_io(). This patch needs rework to apply to kernels older than v5.15.
Security Summary
CVE-2022-49711 is a use-after-free vulnerability in the Linux kernel's fsl-mc-bus subsystem. The flaw occurs in the fsl_mc_bus_remove() function, where mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io() after mc->root_mc_bus_dev has already been freed by fsl_mc_device_remove(), triggering a KASAN-detected use-after-free condition.
A local attacker with low privileges can exploit this vulnerability, requiring low attack complexity and no user interaction. Exploitation leads to high impacts on confidentiality, integrity, and availability, per the CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), and is associated with CWE-416.
Mitigation patches are available in Linux kernel stable branches via git commits such as 161b68b0a728377aaa10a8e14c70e7734f3c9ff7, 720ab105df7bf3eee62d2bddd41526b29d07d045, 928ea98252ad75118950941683893cf904541da9, and ccd1751092341ac120a961835211f9f2e3735963. These fixes store a reference to mc->root_mc_bus_dev->mc_io in a local variable before freeing the device, preventing the use-after-free. The patch requires rework to apply to kernels older than v5.15.
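As an added illustration (not the kernel's code or the patch itself), the following userspace model shows the remove-path ordering bug described above beside the patched ordering. The struct and function names are simplified stand-ins for the ones the advisory names, and a toy "last freed device" check stands in for KASAN.

```c
#include <stdlib.h>
/* Minimal stand-ins for the kernel structures named in the advisory. */
struct fsl_mc_io { int portal; };
struct fsl_mc_device { struct fsl_mc_io *mc_io; };
struct fsl_mc { struct fsl_mc_device *root_mc_bus_dev; };

/* Toy KASAN: remember the device most recently freed so that a later read
 * through the checked accessor is reported instead of dereferenced. */
static struct fsl_mc_device *last_freed_dev;
static int uaf_detected;

static void fsl_mc_device_remove(struct fsl_mc_device *dev) { last_freed_dev = dev; free(dev); }

/* Checked read of dev->mc_io: flags a read from a freed device. */
static struct fsl_mc_io *dev_mc_io(struct fsl_mc_device *dev)
{
    if (dev == last_freed_dev) { uaf_detected = 1; return NULL; }
    return dev->mc_io;
}

static void fsl_destroy_mc_io(struct fsl_mc_io *io) { free(io); }

struct fsl_mc *fsl_mc_setup(void)
{
    struct fsl_mc *mc = calloc(1, sizeof *mc);
    mc->root_mc_bus_dev = calloc(1, sizeof *mc->root_mc_bus_dev);
    mc->root_mc_bus_dev->mc_io = calloc(1, sizeof(struct fsl_mc_io));
    return mc;
}

/* Pre-patch order: device freed first, then its mc_io field read; returns 1. */
int fsl_mc_bus_remove_buggy(struct fsl_mc *mc)
{
    uaf_detected = 0; last_freed_dev = NULL;
    fsl_mc_device_remove(mc->root_mc_bus_dev);
    fsl_destroy_mc_io(dev_mc_io(mc->root_mc_bus_dev)); /* NULL: mc_io leaks */
    free(mc);
    return uaf_detected;
}

/* Patched order: copy mc_io into a local while the device is live, free the
 * device, then destroy mc_io through the local; returns 0. */
int fsl_mc_bus_remove_fixed(struct fsl_mc *mc)
{
    uaf_detected = 0; last_freed_dev = NULL;
    struct fsl_mc_io *mc_io = dev_mc_io(mc->root_mc_bus_dev);
    fsl_mc_device_remove(mc->root_mc_bus_dev);
    fsl_destroy_mc_io(mc_io);
    free(mc);
    return uaf_detected;
}
```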
Details
- CWE(s)