CVE-2022-49419

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 26, 2025

Updated: Feb 27, 2025

CWE ID 416

Summary

CVE-2022-49419 is a vulnerability affecting the Linux kernel's vesafb driver in the video subsystem. The issue arises from an improper handling of the fb_info structure during driver removal. The original commit attempted to address a use-after-free error by moving the cleanup of fb_info from the .remove handler to the .fb_destroy handler. However, this change did not consider the possibility of .fb_destroy being called before .remove. In such cases, the fb_info pointer would be freed before being accessed in vesafb_remove(), leading to a use-after-free condition. To mitigate this, the expression containing the info->par should be executed before the unregister_framebuffer() function call.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners