CVE-2022-50745

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: media: tegra-video: fix device_node use after free<br /> <br /> At probe time this code path is followed:<br /> <br /> * tegra_csi_init<br /> * tegra_csi_channels_alloc<br /> * for_each_child_of_node(node, channel) -- iterates over channels<br /> * automatically gets &amp;#39;channel&amp;#39;<br /> * tegra_csi_channel_alloc()<br /> * saves into chan-&gt;of_node a pointer to the channel OF node<br /> * automatically gets and puts &amp;#39;channel&amp;#39;<br /> * now the node saved in chan-&gt;of_node has refcount 0, can disappear<br /> * tegra_csi_channels_init<br /> * iterates over channels<br /> * tegra_csi_channel_init -- uses chan-&gt;of_node<br /> <br /> After that, chan-&gt;of_node keeps storing the node until the device is<br /> removed.<br /> <br /> of_node_get() the node and of_node_put() it during teardown to avoid any<br /> risk.