CVE-2022-49393
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/02/2025
Last modified:
26/02/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl

This is another instance of incorrect use of list iterator and
checking it for NULL.

The list iterator value 'map' will *always* be set and non-NULL
by list_for_each_entry(), so it is incorrect to assume that the
iterator value will be NULL if the list is empty (in this case, the
check 'if (!map) {' will always be false and never exit as expected).

To fix the bug, use a new variable 'iter' as the list iterator,
while using the original variable 'map' as a dedicated pointer to
point to the found element.

Without this patch, Kernel crashes with below trace:

Unable to handle kernel access to user memory outside uaccess routines
at virtual address 0000ffff7fb03750
...
Call trace:
fastrpc_map_create+0x70/0x290 [fastrpc]
fastrpc_req_mem_map+0xf0/0x2dc [fastrpc]
fastrpc_device_ioctl+0x138/0xc60 [fastrpc]
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xd4/0xfc
do_el0_svc+0x28/0x90
el0_svc+0x3c/0x130
el0t_64_sync_handler+0xa4/0x130
el0t_64_sync+0x18c/0x190
Code: 14000016 f94000a5 eb05029f 54000260 (b94018a6)
---[ end trace 0000000000000000 ]---
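
The iterator pattern the description refers to, as an added example that is not the fastrpc driver's code: a userspace stand-in for list_for_each_entry() shows that the iterator is non-NULL after traversing an empty list or missing the element, while the separate 'iter' form returns NULL. The demo_map and demo_ctx types and the find_buggy()/find_fixed() helpers are hypothetical names constructed for this illustration.

```c
#include <stddef.h>

/* Userspace stand-ins for <linux/list.h>, constructed for this example. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); \
	     &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical types, not the driver's real structures. */
struct demo_map { int fd; struct list_head node; };
struct demo_ctx { long pad; struct list_head maps; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static inline void list_add_tail(struct list_head *n, struct list_head *h)
{ n->prev = h->prev; n->next = h; h->prev->next = n; h->prev = n; }

/* Buggy pattern: the loop cursor doubles as the lookup result. */
static struct demo_map *find_buggy(struct list_head *head, int fd)
{
	struct demo_map *map = NULL;
	list_for_each_entry(map, head, node)
		if (map->fd == fd)
			break;
	return map; /* empty list or miss: container_of(head), never NULL */
}

/* Fixed pattern: 'iter' walks the list, 'map' is set only on a match. */
static struct demo_map *find_fixed(struct list_head *head, int fd)
{
	struct demo_map *map = NULL, *iter;
	list_for_each_entry(iter, head, node) {
		if (iter->fd == fd) {
			map = iter;
			break;
		}
	}
	return map;
}

int main(void)
{
	struct demo_ctx ctx;
	list_init(&ctx.maps);
	/* Empty list: the buggy lookup returns a pointer, the fixed one NULL. */
	return !(find_buggy(&ctx.maps, 3) != NULL && find_fixed(&ctx.maps, 3) == NULL);
}
```

A caller that tests the buggy result with 'if (!map)' never takes the not-found branch and goes on to use a pointer that is not a list element.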