CVE-2022-50745

In the Linux kernel, the following vulnerability has been resolved:

staging: media: tegra-video: fix device_node use after free

At probe time this code path is followed:

• tegracsiinit
  • tegracsichannelsalloc
    • foreachchildofnode(node, channel) -- iterates over channels
      • automatically gets 'channel'
        • tegracsichannelalloc()
          • saves into chan->ofnode a pointer to the channel OF node
      • automatically gets and puts 'channel'
      • now the node saved in chan->ofnode has refcount 0, can disappear
  • tegracsichannels_init
    • iterates over channels
      • tegracsichannelinit -- uses chan->ofnode

After that, chan->of_node keeps storing the node until the device is removed.

ofnodeget() the node and ofnodeput() it during teardown to avoid any risk.