CVE-2022-49419

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/0fac5f8fb1bc2fc4f8714bf5e743c9cc3f547c63", "name": "https://git.kernel.org/stable/c/0fac5f8fb1bc2fc4f8714bf5e743c9cc3f547c63", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/acde4003efc16480375543638484d8f13f2e99a3", "name": "https://git.kernel.org/stable/c/acde4003efc16480375543638484d8f13f2e99a3", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/d260cad015945d1f4bb9b028a096f648506106a2", "name": "https://git.kernel.org/stable/c/d260cad015945d1f4bb9b028a096f648506106a2", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/f605f5558ecc175ec70016a3c15f007cb6386531", "name": "https://git.kernel.org/stable/c/f605f5558ecc175ec70016a3c15f007cb6386531", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvideo: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup\n\nCommit b3c9a924aab6 (\"fbdev: vesafb: Cleanup fb_info in .fb_destroy rather\nthan .remove\") fixed a use-after-free error due the vesafb driver freeing\nthe fb_info in the .remove handler instead of doing it in .fb_destroy.\n\nThis can happen if the .fb_destroy callback is executed after the .remove\ncallback, since the former tries to access a pointer freed by the latter.\n\nBut that change didn't take into account that another possible scenario is\nthat .fb_destroy is called before the .remove callback. For example, if no\nprocess has the fbdev chardev opened by the time the driver is removed.\n\nIf that's the case, fb_info will be freed when unregister_framebuffer() is\ncalled, making the fb_info pointer accessed in vesafb_remove() after that\nto no longer be valid.\n\nTo prevent that, move the expression containing the info->par to happen\nbefore the unregister_framebuffer() function call."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-49419", "ASSIGNER": "cve@kernel.org"}}, "impact": {}, "publishedDate": "2025-02-26T07:01Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.15.41"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.17.9"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-24T19:57Z"}