In the Linux kernel, the following vulnerability has been resolved:
media: dvbdev: adopts refcnt to avoid UAF
dvb_unregister_device() is known that prone to use-after-free.
That is, the cleanup from dvb_unregister_device() releases the dvb_device
even if there are pointers stored in file->private_data still refer to it.
This patch adds a reference counter into struct dvb_device and delays its
deallocation until no pointer refers to the object.
media: dvbdev: adopts refcnt to avoid UAF
dvb_unregister_device() is known that prone to use-after-free.
That is, the cleanup from dvb_unregister_device() releases the dvb_device
even if there are pointers stored in file->private_data still refer to it.
This patch adds a reference counter into struct dvb_device and delays its
deallocation until no pointer refers to the object.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 15 Sep 2025 14:45:00 +0000
MITRE
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2025-09-15T14:21:10.383Z
Reserved: 2025-09-15T13:58:00.975Z
Link: CVE-2022-50274
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2025-09-15T15:15:38.330
Modified: 2025-09-15T15:22:27.090
Link: CVE-2022-50274
Redhat
No data.
OpenCVE Enrichment
No data.