CVE-2022-49951

UNKNOWN 0.0

firmware_loader: Fix use-after-free during unregister

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->module); The problem is fixed by copying fw_upload_priv->module to a local variable for use when calling device_unregister().

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 18, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

97730bbb242cde22b7140acd202ffd88823886c9 < d380d40930a674c520a5b55f3be1eb17dc634ebc 97730bbb242cde22b7140acd202ffd88823886c9 < 8b40c38e37492b5bdf8e95b46b5cca9517a9957a

Linux / Linux

5.19

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/d380d40930a674c520a5b55f3be1eb17dc634ebc git.kernel.org: https://git.kernel.org/stable/c/8b40c38e37492b5bdf8e95b46b5cca9517a9957a