CVE-2022-48872

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> misc: fastrpc: Fix use-after-free race condition for maps<br /> <br /> It is possible that in between calling fastrpc_map_get() until<br /> map-&gt;fl-&gt;lock is taken in fastrpc_free_map(), another thread can call<br /> fastrpc_map_lookup() and get a reference to a map that is about to be<br /> deleted.<br /> <br /> Rewrite fastrpc_map_get() to only increase the reference count of a map<br /> if it&amp;#39;s non-zero. Propagate this to callers so they can know if a map is<br /> about to be deleted.<br /> <br /> Fixes this warning:<br /> refcount_t: addition on 0; use-after-free.<br /> WARNING: CPU: 5 PID: 10100 at lib/refcount.c:25 refcount_warn_saturate<br /> ...<br /> Call trace:<br /> refcount_warn_saturate<br /> [fastrpc_map_get inlined]<br /> [fastrpc_map_lookup inlined]<br /> fastrpc_map_create<br /> fastrpc_internal_invoke<br /> fastrpc_device_ioctl<br /> __arm64_sys_ioctl<br /> invoke_syscall