CVE-2022-49388

Publication date

2025-02-26 02:11:22

Family

Linux

State

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ubi: ubi_create_volume: Fix use-after-free when volume creation failed There is an use-after-free problem for eba_tbl in ubi_create_volume()s error handling path: ubi_eba_replace_table(vol, eba_tbl) vol->eba_tbl = tbl out_mapping: ubi_eba_destroy_table(eba_tbl) // Free eba_tbl out_unlock: put_device(&vol->dev) vol_release kfree(tbl->entries) // UAF Fix it by removing redundant eba_tbl releasing. Fetch a reproducer in [Link].