CVE-2022-49951

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49951
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49951.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49951
Downstream
Related
Published
2025-06-18T11:00:14Z
Modified
2025-10-13T22:07:56.240888Z
Summary
firmware_loader: Fix use-after-free during unregister
Details

In the Linux kernel, the following vulnerability has been resolved:

firmware_loader: Fix use-after-free during unregister

In the following code within firmwareuploadunregister(), the call to deviceunregister() could result in the devrelease function freeing the fwuploadpriv structure before it is dereferenced for the call to moduleput(). This bug was found by the kernel test robot using CONFIGKASAN while running the firmware selftests.

deviceunregister(&fwsysfs->dev); moduleput(fwupload_priv->module);

The problem is fixed by copying fwuploadpriv->module to a local variable for use when calling device_unregister().

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
97730bbb242cde22b7140acd202ffd88823886c9
Fixed
d380d40930a674c520a5b55f3be1eb17dc634ebc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
97730bbb242cde22b7140acd202ffd88823886c9
Fixed
8b40c38e37492b5bdf8e95b46b5cca9517a9957a

Affected versions

v5.*

v5.18
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7

v6.*

v6.0-rc1
v6.0-rc2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.19.0
Fixed
5.19.8