Use-After-Free Vulnerability in Linux Kernel Affecting Coresight Devices

CVE-2022-50214

What is CVE-2022-50214?

A vulnerability exists in the Linux Kernel related to coresight devices that manage output connections. When a device is removed from the coresight bus, it is crucial to correctly clear the connection references to prevent memory management issues. Specifically, the function that handles the removal does not adequately clear the fwnode reference, leading to a use-after-free condition. In scenarios where device A is connected to device B, improper reference handling can result in device A attempting to access memory that has already been freed, which can trigger system instability and security concerns. This vulnerability underscores the importance of thorough memory management in complex device connection scenarios.

References