CVE-2022-49359

Published: Feb 26, 2025

Modified: May 23, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Job should reference MMU not file_priv For a while now it's been allowed for a MMU context to outlive it's corresponding panfrost_priv, however the job structure still references panfrost_priv to get hold of the MMU context. If panfrost_priv has been freed this is a use-after-free which I've been able to trigger resulting in a splat. To fix this, drop the reference to panfrost_priv in the job structure and add a direct reference to the MMU structure which is what's actually needed.

Vendor	Product	Versions
Linux	Linux	affected `7fdc48cc63a30fa3480d18bdd8c5fff2b9b15212 - < 8c8e8cc91a6ffc79865108279a74fd57d9070a17` affected `7fdc48cc63a30fa3480d18bdd8c5fff2b9b15212 - < 472dd7ea5e19a1aeabf1711ddc756777e05ee7c2` affected `7fdc48cc63a30fa3480d18bdd8c5fff2b9b15212 - < 6e516faf04317db2c46cbec4e3b78b4653a5b109` affected `c29485e34e63198dca6289639aa711f99d88e76e` affected `626adede2642f00c8918999a2451bd0a644ab9b7` +4 more versions
Linux	Linux	affected `5.15` unaffected `0 - < 5.15` unaffected `5.17.15 - <= 5.17.` unaffected `5.18.4 - <= 5.18.` unaffected `5.19 - <= *`

References

https://git.kernel.org/stable/c/8c8e8cc91a6ffc79865108279a74fd57d9070a17

https://git.kernel.org/stable/c/472dd7ea5e19a1aeabf1711ddc756777e05ee7c2

https://git.kernel.org/stable/c/6e516faf04317db2c46cbec4e3b78b4653a5b109

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49359

Description

Affected Products

References