CVE-2022-50542
- Source
- https://cve.org/CVERecord?id=CVE-2022-50542
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50542.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50542
- Downstream
- Related
- Published
- 2025-10-07T15:21:07.236Z
- Modified
- 2026-04-02T08:28:36.202860Z
- Summary
- media: si470x: Fix use-after-free in si470x_int_in_callback()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
media: si470x: Fix use-after-free in si470xintin_callback()
syzbot reported use-after-free in si470xintincallback() [1]. This indicates that urb->context, which contains struct si470xdevice object, is freed when si470xintin_callback() is called.
The cause of this issue is that si470xintin_callback() is called for freed urb.
si470xusbdriverprobe() calls si470xstartusb(), which then calls usbsubmiturb() and si470xstart(). If si470xstartusb() fails, si470xusbdriverprobe() doesn't kill urb, but it just frees struct si470xdevice object, as depicted below:
si470xusbdriverprobe() ... si470xstartusb() ... usbsubmiturb() retval = si470xstart() return retval if (retval < 0) free struct si470x_device object, but don't kill urb
This patch fixes this issue by killing urb when si470xstartusb() fails and urb is submitted. If si470xstartusb() fails and urb is not submitted, i.e. submitting usb fails, it just frees struct si470x_device object.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50542.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/0ca298d548461d29615f9a2b1309e8dcf4a352c6
- https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373
- https://git.kernel.org/stable/c/1c6447d0fc68650e51586dde79b5090d9d77f13a
- https://git.kernel.org/stable/c/52f54fe78cca24850a30865037250f63eb3d5bf7
- https://git.kernel.org/stable/c/63648a7bd1a7599bcc2040a6d1792363ae4c2e1b
- https://git.kernel.org/stable/c/6c8aee0c8fcc6dda94315f7908e8fa9bc75abe75
- https://git.kernel.org/stable/c/7d21e0b1b41b21d628bf2afce777727bd4479aa5
- https://git.kernel.org/stable/c/8c6151b8e8dd2d98ad2cd725d26d1e103d989891
- https://git.kernel.org/stable/c/92b0888398e4ba51d93b618a6506781f4e3879c9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50542.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50542
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced779471110c6f0f7f7c223fc696170ec750ac3531Fixed146bd005ebb01ae190c22af050cb98623958c373Fixed8c6151b8e8dd2d98ad2cd725d26d1e103d989891Fixed52f54fe78cca24850a30865037250f63eb3d5bf7Fixed0ca298d548461d29615f9a2b1309e8dcf4a352c6Fixed1c6447d0fc68650e51586dde79b5090d9d77f13aFixed6c8aee0c8fcc6dda94315f7908e8fa9bc75abe75Fixed63648a7bd1a7599bcc2040a6d1792363ae4c2e1bFixed92b0888398e4ba51d93b618a6506781f4e3879c9Fixed7d21e0b1b41b21d628bf2afce777727bd4479aa5