CVE-2022-50542
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/10/2025
Last modified:
08/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
media: si470x: Fix use-after-free in si470x_int_in_callback()<br />
<br />
syzbot reported use-after-free in si470x_int_in_callback() [1]. This<br />
indicates that urb->context, which contains struct si470x_device<br />
object, is freed when si470x_int_in_callback() is called.<br />
<br />
The cause of this issue is that si470x_int_in_callback() is called for<br />
freed urb.<br />
<br />
si470x_usb_driver_probe() calls si470x_start_usb(), which then calls<br />
usb_submit_urb() and si470x_start(). If si470x_start_usb() fails,<br />
si470x_usb_driver_probe() doesn&#39;t kill urb, but it just frees struct<br />
si470x_device object, as depicted below:<br />
<br />
si470x_usb_driver_probe()<br />
...<br />
si470x_start_usb()<br />
...<br />
usb_submit_urb()<br />
retval = si470x_start()<br />
return retval<br />
if (retval
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0ca298d548461d29615f9a2b1309e8dcf4a352c6
- https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373
- https://git.kernel.org/stable/c/1c6447d0fc68650e51586dde79b5090d9d77f13a
- https://git.kernel.org/stable/c/52f54fe78cca24850a30865037250f63eb3d5bf7
- https://git.kernel.org/stable/c/63648a7bd1a7599bcc2040a6d1792363ae4c2e1b
- https://git.kernel.org/stable/c/6c8aee0c8fcc6dda94315f7908e8fa9bc75abe75
- https://git.kernel.org/stable/c/7d21e0b1b41b21d628bf2afce777727bd4479aa5
- https://git.kernel.org/stable/c/8c6151b8e8dd2d98ad2cd725d26d1e103d989891
- https://git.kernel.org/stable/c/92b0888398e4ba51d93b618a6506781f4e3879c9