Message-ID: <2025122457-CVE-2022-50767-9a13@gregkh>
Date: Wed, 24 Dec 2025 14:06:18 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50767: fbdev: smscufx: Fix several use-after-free bugs

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

fbdev: smscufx: Fix several use-after-free bugs

Several types of UAFs can occur when physically removing a USB device.

Adds ufx_ops_destroy() function to .fb_destroy of fb_ops, and
in this function, there is kref_put() that finally calls ufx_free().

This fix prevents multiple UAFs.

The Linux kernel CVE team has assigned CVE-2022-50767 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.9.332 with commit 6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f
	Fixed in 4.14.298 with commit 3f40852d671072836fb7ae331a1f28a24223c4e8
	Fixed in 4.19.264 with commit 70faf9d9b6cc74418716bbf76fe75bd2da10ad4a
	Fixed in 5.4.223 with commit 5385af2f89bc352fb70753ab41b2bb036190141f
	Fixed in 5.10.153 with commit d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86
	Fixed in 5.15.77 with commit cc6a7249842fceda7574ceb63275a2d5e99d2862
	Fixed in 6.0.7 with commit 8d924b262f3178a9b17c17d4306a9f426c508bd9
	Fixed in 6.1 with commit cc67482c9e5f2c80d62f623bcc347c29f9f648e1

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50767
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/video/fbdev/smscufx.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/6f2075ea883e5d7730d0c9ebb1bb8e7a1a7e953f
	https://git.kernel.org/stable/c/3f40852d671072836fb7ae331a1f28a24223c4e8
	https://git.kernel.org/stable/c/70faf9d9b6cc74418716bbf76fe75bd2da10ad4a
	https://git.kernel.org/stable/c/5385af2f89bc352fb70753ab41b2bb036190141f
	https://git.kernel.org/stable/c/d9ddfeb01fb95ffbbc7031d46a5ee2a5e45cbb86
	https://git.kernel.org/stable/c/cc6a7249842fceda7574ceb63275a2d5e99d2862
	https://git.kernel.org/stable/c/8d924b262f3178a9b17c17d4306a9f426c508bd9
	https://git.kernel.org/stable/c/cc67482c9e5f2c80d62f623bcc347c29f9f648e1
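
The lifetime rule the description states (the final kref_put() sits in .fb_destroy, so the free cannot run while the framebuffer is still in use) is shown below as a user-space model. This is an added example, not code from smscufx.c or from the fix commits; every model_* name is hypothetical, and the split of one reference for the USB side and one for the framebuffer is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver's per-device state. */
struct model_dev {
    int refcount;     /* plays the role of the embedded struct kref */
    int usb_present;  /* cleared when the device is unplugged */
};

static int model_free_calls;  /* how many times the release step ran */

/* kref_put() analogue: returns 1 only when the last reference is dropped. */
static int model_put(struct model_dev *dev)
{
    if (--dev->refcount > 0)
        return 0;
    model_free_calls++;  /* release step, the ufx_free() analogue */
    free(dev);
    return 1;
}

static struct model_dev *model_probe(void)
{
    struct model_dev *dev = calloc(1, sizeof(*dev));
    if (dev) {
        dev->refcount = 2;  /* assumption: one ref for USB, one for the fb */
        dev->usb_present = 1;
    }
    return dev;
}

/* Physical removal: drops the USB reference, must not free on its own. */
static int model_disconnect(struct model_dev *dev)
{
    dev->usb_present = 0;
    return model_put(dev);
}

/* A framebuffer call arriving after removal: dev is still allocated. */
static int model_fb_op(struct model_dev *dev) { return dev->usb_present ? 0 : -ENODEV; }

/* .fb_destroy analogue: the put that finally reaches the free. */
static int model_fb_destroy(struct model_dev *dev) { return model_put(dev); }

int main(void)
{
    struct model_dev *dev = model_probe();
    if (!dev) return 1;
    int a = model_disconnect(dev), b = model_fb_op(dev), c = model_fb_destroy(dev);
    printf("disconnect freed=%d, fb op=%d, fb_destroy freed=%d\n", a, b, c);
    return 0;
}
```

In the model, removal alone never reaches the free; the framebuffer call after unplug gets an error from memory that is still valid, and the release step runs exactly once from the destroy path.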
