CVE-2022-49842

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ASoC: core: Fix use-after-free in snd_soc_exit()<br /> <br /> KASAN reports a use-after-free:<br /> <br /> BUG: KASAN: use-after-free in device_del+0xb5b/0xc60<br /> Read of size 8 at addr ffff888008655050 by task rmmod/387<br /> CPU: 2 PID: 387 Comm: rmmod<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x79/0x9a<br /> print_report+0x17f/0x47b<br /> kasan_report+0xbb/0xf0<br /> device_del+0xb5b/0xc60<br /> platform_device_del.part.0+0x24/0x200<br /> platform_device_unregister+0x2e/0x40<br /> snd_soc_exit+0xa/0x22 [snd_soc_core]<br /> __do_sys_delete_module.constprop.0+0x34f/0x5b0<br /> do_syscall_64+0x3a/0x90<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> ...<br /> <br /> <br /> It&amp;#39;s bacause in snd_soc_init(), snd_soc_util_init() is possble to fail,<br /> but its ret is ignored, which makes soc_dummy_dev unregistered twice.<br /> <br /> snd_soc_init()<br /> snd_soc_util_init()<br /> platform_device_register_simple(soc_dummy_dev)<br /> platform_driver_register() # fail<br /> platform_device_unregister(soc_dummy_dev)<br /> platform_driver_register() # success<br /> ...<br /> snd_soc_exit()<br /> snd_soc_util_exit()<br /> # soc_dummy_dev will be unregistered for second time<br /> <br /> To fix it, handle error and stop snd_soc_init() when util_init() fail.<br /> Also clean debugfs when util_init() or driver_register() fail.