Use After Free Vulnerability in Linux Kernel dma-buf/dma-resv Component
CVE-2022-49935
Currently unrated
What is CVE-2022-49935?
A vulnerability has been identified in the Linux Kernel's dma-buf/dma-resv component. This issue arises when a new fence is added to a dma_resv object without verifying whether it is later than the existing fences. This oversight could enable userspace to exploit the kernel, resulting in a use after free error. A minor yet defensive code change has been introduced to mitigate this risk, highlighting the importance of backporting the fix to stable kernel versions, especially for those utilizing the dma_resv object similarly.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 5.19.8 <= 5.19.*