CVE-2022-49419
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49419 is a use-after-free vulnerability in the Linux kernel's video subsystem, specifically the vesafb framebuffer driver. The fb_info structure can be freed too early during driver removal, so that vesafb_remove() still dereferences it after it is gone. This happens when the .fb_destroy callback runs before the .remove callback completes, which is the case when no process has the fbdev chardev open at the time the driver is removed: unregister_framebuffer() then triggers the destroy callback immediately instead of deferring it to the last close. The mitigation is to move the expression that reads through the info pointer ahead of the unregister_framebuffer() call, so that nothing in the remove path touches fb_info after it may have been freed. The vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition.
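To make the ordering problem concrete, the following is an added, self-contained C model of the lifetime rule the summary describes. It is not the vesafb or fbdev code: the struct, the model_ functions and run_removal are hypothetical stand-ins. The destroy callback frees the info object as soon as unregister runs when the chardev has no openers, and is deferred otherwise; a guarded read counts any access through the freed pointer instead of dereferencing it, so the vulnerable and fixed remove() orderings can be compared without undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the fbdev lifetime rule in the advisory
 * (hypothetical names; not the kernel's code). The .fb_destroy callback
 * frees info as soon as unregister runs if nobody holds the chardev open;
 * otherwise it is deferred until the last close. */
struct fb_info {
    int open_count;                       /* processes with the fbdev chardev open */
    bool region_reserved;                 /* driver-private state remove() must read */
    void (*fb_destroy)(struct fb_info *);
};

static uintptr_t last_freed;              /* address of the most recently freed info */
static int dangling_reads;                /* reads attempted through a freed pointer */

static void model_fb_destroy(struct fb_info *info)
{
    last_freed = (uintptr_t)info;         /* remember the address, then release it */
    free(info);
}

/* Stand-in for unregister_framebuffer(): destroys immediately when unopened. */
static void model_unregister_framebuffer(struct fb_info *info)
{
    if (info->open_count == 0)
        info->fb_destroy(info);           /* info is gone when this returns */
}

/* Guarded field read: records a dangling access instead of touching freed memory. */
static bool read_region_reserved(const struct fb_info *info)
{
    if ((uintptr_t)info == last_freed) {
        dangling_reads++;
        return false;
    }
    return info->region_reserved;
}

/* Vulnerable ordering: the info field is read after unregister. */
static void remove_unordered(struct fb_info *info)
{
    model_unregister_framebuffer(info);
    if (read_region_reserved(info))
        puts("release I/O region");
}

/* Fixed ordering: read everything remove() needs from info before unregister. */
static void remove_fixed(struct fb_info *info)
{
    bool release = read_region_reserved(info);
    model_unregister_framebuffer(info);
    if (release)
        puts("release I/O region");
}

/* Runs one driver removal and returns how many dangling reads occurred. */
int run_removal(bool fixed, int open_count)
{
    struct fb_info *info = calloc(1, sizeof *info);
    if (!info)
        return -1;
    info->open_count = open_count;
    info->region_reserved = true;
    info->fb_destroy = model_fb_destroy;

    last_freed = 0;
    dangling_reads = 0;

    if (fixed)
        remove_fixed(info);
    else
        remove_unordered(info);

    /* Deferred path: the last close runs the destroy callback later. */
    if (open_count > 0) {
        info->open_count = 0;
        info->fb_destroy(info);
    }
    return dangling_reads;
}

int main(void)
{
    printf("unordered, chardev closed: %d dangling read(s)\n", run_removal(false, 0));
    printf("unordered, chardev open:   %d dangling read(s)\n", run_removal(false, 1));
    printf("fixed, chardev closed:     %d dangling read(s)\n", run_removal(true, 0));
    return 0;
}
```

The model reproduces the advisory's trigger condition: with the chardev open, the destroy callback is deferred and even the unordered remove() is safe, which is why the bug only shows when nothing has the device open. For detection during development, the same scenario run under KASAN on a real kernel would report the read in the remove path as a use-after-free.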
Affected Products
- Linux Kernel
Affected Vendors
- LINUX