CVE-2022-49711

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io(). This patch needs rework to apply to kernels older than v5.15.

Vendor	Product	Versions
Linux	Linux	affected `f93627146f0e371093966ed3d44c065aa077cfb1 - < 720ab105df7bf3eee62d2bddd41526b29d07d045` affected `f93627146f0e371093966ed3d44c065aa077cfb1 - < ccd1751092341ac120a961835211f9f2e3735963` affected `f93627146f0e371093966ed3d44c065aa077cfb1 - < 161b68b0a728377aaa10a8e14c70e7734f3c9ff7` affected `f93627146f0e371093966ed3d44c065aa077cfb1 - < 928ea98252ad75118950941683893cf904541da9`
Linux	Linux	affected `4.8` unaffected `0 - < 4.8` unaffected `5.10.248 - <= 5.10.` unaffected `5.15.49 - <= 5.15.` unaffected `5.18.6 - <= 5.18.*` +1 more versions

References

https://git.kernel.org/stable/c/720ab105df7bf3eee62d2bddd41526b29d07d045

https://git.kernel.org/stable/c/ccd1751092341ac120a961835211f9f2e3735963

https://git.kernel.org/stable/c/161b68b0a728377aaa10a8e14c70e7734f3c9ff7

https://git.kernel.org/stable/c/928ea98252ad75118950941683893cf904541da9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49711

Description

Affected Products

References