CVE-2022-50274
media: dvbdev: adopts refcnt to avoid UAF
Description
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object.
INFO
Published Date :
Sept. 15, 2025, 3:15 p.m.
Last Modified :
Sept. 15, 2025, 3:22 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2022-50274
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the Linux kernel to the patched version.
- Rebuild and deploy the modified kernel.
- Verify the patch addresses the UAF vulnerability.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2022-50274.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2022-50274 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2022-50274
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2022-50274 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2022-50274 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 15, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvb_unregister_device() is known that prone to use-after-free. That is, the cleanup from dvb_unregister_device() releases the dvb_device even if there are pointers stored in file->private_data still refer to it. This patch adds a reference counter into struct dvb_device and delays its deallocation until no pointer refers to the object. Added Reference https://git.kernel.org/stable/c/0fc044b2b5e2d05a1fa1fb0d7f270367a7855d79 Added Reference https://git.kernel.org/stable/c/219b44bf94203bd433aa91b7796475bf656348e5 Added Reference https://git.kernel.org/stable/c/2abd73433872194bccdf1432a0980e4ec5273c2a Added Reference https://git.kernel.org/stable/c/6d18b44bb44e1f4d97dfe0efe92ac0f0984739c2 Added Reference https://git.kernel.org/stable/c/88a6f8a72d167294c0931c7874941bf37a41b6dd Added Reference https://git.kernel.org/stable/c/9945d05d6693710574f354c5dbddc47f5101eb77 Added Reference https://git.kernel.org/stable/c/a2f0a08aa613176c9688c81d7b598a7779974991 Added Reference https://git.kernel.org/stable/c/ac521bbe3d00fa574e66a9361763f2b37725bc97