SB20250327116 - Use-after-free in Linux kernel dma driver
Published: March 27, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250327116
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-49753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dma_chan_get() function in drivers/dma/dmaengine.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/142d644fd2cc059ffa042fbfb68e766433ef3afd
- https://git.kernel.org/stable/c/18dd3b30d4c7e8440c63118c7a7b687372b9567f
- https://git.kernel.org/stable/c/1b409e14b4b7af034e0450f95c165b6c5c87dbc1
- https://git.kernel.org/stable/c/42ecd72f02cd657b00b559621e7ef7d2c4d3e5f1
- https://git.kernel.org/stable/c/71c601965532c38030133535f7cd93c1efa75af1
- https://git.kernel.org/stable/c/c6221afe573413fd2981e291f7df4a58283e0654
- https://git.kernel.org/stable/c/f3dc1b3b4750851a94212dba249703dd0e50bb20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.305
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.272
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.166
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.231
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2