[SRU][K][PATCH 0/1] CVE-2022-41218
Magali Lemes
magali.lemes.do.sacramento at canonical.com
Wed Mar 15 17:40:54 UTC 2023
[Impact]
Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
[Backport]
Clean cherry-pick.
[Test]
Compiled, boot and module load tested.
[Regression potential]
We expect minimal regression, since the commit only adds a check for
dmxdev->exit at dvb_demux_open() and adds a mutex for dmxdev->exit at
dvb_dmxdev_release().
Takashi Iwai (1):
  media: dvb-core: Fix UAF due to refcount races at releasing

 drivers/media/dvb-core/dmxdev.c | 8 ++++++++
 1 file changed, 8 insertions(+)

--
2.34.1
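
The locking pattern described under [Regression potential], as an added user-space example that is not part of the original message or of the kernel patch. struct model_dev, model_open(), model_release_begin() and race_trials() are hypothetical names, and pthreads stand in for the kernel mutex; the exit flag is tested and set under the same mutex, so no reference can be taken once teardown has begun.

```c
#include <errno.h>
#include <pthread.h>
/* User-space stand-in for the device state (hypothetical model, not kernel code). */
struct model_dev {
    pthread_mutex_t mutex;
    int exit;   /* set once teardown has started */
    int users;  /* open references; teardown relies on this count */
};

/* Open path: test the exit flag under the mutex before taking a reference. */
static int model_open(struct model_dev *d)
{
    pthread_mutex_lock(&d->mutex);
    if (d->exit) {
        pthread_mutex_unlock(&d->mutex);
        return -ENODEV;
    }
    d->users++;
    pthread_mutex_unlock(&d->mutex);
    return 0;
}

/* Release path: set the flag under the same mutex; return the users seen then. */
static int model_release_begin(struct model_dev *d)
{
    pthread_mutex_lock(&d->mutex);
    d->exit = 1;
    int snapshot = d->users;
    pthread_mutex_unlock(&d->mutex);
    return snapshot;
}

static void *opener(void *arg) { model_open(arg); return NULL; }

/* Race one open against one release per trial; count references taken late. */
static int race_trials(int n)
{
    int late = 0;
    for (int i = 0; i < n; i++) {
        struct model_dev d = { PTHREAD_MUTEX_INITIALIZER, 0, 1 };
        pthread_t t;
        if (pthread_create(&t, NULL, opener, &d) != 0) return -1;
        int snapshot = model_release_begin(&d);
        pthread_join(t, NULL);
        if (d.users != snapshot) late++;  /* reference appeared after exit was set */
    }
    return late;
}

int main(void) { return race_trials(1000) == 0 ? 0 : 1; }
```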