CVE-2022-50192

spi: tegra20-slink: fix UAF in tegra_slink_remove()

Description

In the Linux kernel, the following vulnerability has been resolved: spi: tegra20-slink: fix UAF in tegra_slink_remove() After calling spi_unregister_master(), the refcount of master will be decrease to 0, and it will be freed in spi_controller_release(), the device data also will be freed, so it will lead a UAF when using 'tspi'. To fix this, get the master before unregister and put it when finish using it.

N/A

CVSS

Severity:

EPSS 0.02%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/415b4ce61308f24583912d887772dfcbf97f1d20
https://git.kernel.org/stable/c/800c7767e05d29656713e04532823a752e57e037
https://git.kernel.org/stable/c/67f77172644260482fdafc03b6025847944701e5
https://git.kernel.org/stable/c/7e9984d183bb1e99e766c5c2b950ff21f7f7b6c0

Frequently Asked Questions

What is the severity of CVE-2022-50192?: CVE-2022-50192 has not yet been assigned a CVSS score.
How to fix CVE-2022-50192?: To fix CVE-2022-50192, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-50192 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-50192 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-50192?: CVE-2022-50192 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.