CVE-2022-48821
Published: Jul 16, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd() called fd_install() before, i.e. "consumed" one reference, leaving us with none. Calling dma_buf_put() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' object which is a straight use-after-free. Simply avoid calling dma_buf_put() and rely on the process exit code to do the necessary cleanup, if needed, i.e. if the file descriptor is still valid.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 6cffd79504ce040f460831030d3069fa1c99bb71 - < 4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215affected 6cffd79504ce040f460831030d3069fa1c99bb71 - < a5ce7ee5fcc07583159f54ab4af5164de00148f5affected 6cffd79504ce040f460831030d3069fa1c99bb71 - < e4382d0a39f9a1e260d62fdc079ddae5293c037daffected 6cffd79504ce040f460831030d3069fa1c99bb71 - < 76f85c307ef9f10aa2cef1b1d5ee654c1f3345fcaffected 6cffd79504ce040f460831030d3069fa1c99bb71 - < 46963e2e0629cb31c96b1d47ddd89dc3d8990b34 |
Linux | Linux | affected 5.1unaffected 0 - < 5.1unaffected 5.4.180 - <= 5.4.*unaffected 5.10.101 - <= 5.10.*unaffected 5.15.24 - <= 5.15.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now