CVE-2022-48821

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-48821
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48821.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48821
Downstream
Related
Published
2024-07-16T11:44:07.965Z
Modified
2026-03-20T12:21:54.620935Z
Summary
misc: fastrpc: avoid double fput() on failed usercopy
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: avoid double fput() on failed usercopy

If the copy back to userland fails for the FASTRPCIOCTLALLOCDMABUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dmabuffd() called fd_install() before, i.e. "consumed" one reference, leaving us with none.

Calling dmabufput() will therefore put a reference we no longer own, leading to a valid file descritor table entry for an already released 'file' object which is a straight use-after-free.

Simply avoid calling dmabufput() and rely on the process exit code to do the necessary cleanup, if needed, i.e. if the file descriptor is still valid.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48821.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6cffd79504ce040f460831030d3069fa1c99bb71
Fixed
4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215
Fixed
a5ce7ee5fcc07583159f54ab4af5164de00148f5
Fixed
e4382d0a39f9a1e260d62fdc079ddae5293c037d
Fixed
76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc
Fixed
46963e2e0629cb31c96b1d47ddd89dc3d8990b34

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48821.json"