{"id":"CVE-2022-48821","summary":"misc: fastrpc: avoid double fput() on failed usercopy","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: avoid double fput() on failed usercopy\n\nIf the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF\nioctl(), we shouldn't assume that 'buf-\u003edmabuf' is still valid. In fact,\ndma_buf_fd() called fd_install() before, i.e. \"consumed\" one reference,\nleaving us with none.\n\nCalling dma_buf_put() will therefore put a reference we no longer own,\nleading to a valid file descritor table entry for an already released\n'file' object which is a straight use-after-free.\n\nSimply avoid calling dma_buf_put() and rely on the process exit code to\ndo the necessary cleanup, if needed, i.e. if the file descriptor is\nstill valid.","modified":"2026-04-02T08:27:02.393160Z","published":"2024-07-16T11:44:07.965Z","related":["SUSE-SU-2024:2893-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2923-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2948-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48821.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/46963e2e0629cb31c96b1d47ddd89dc3d8990b34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a5ce7ee5fcc07583159f54ab4af5164de00148f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e4382d0a39f9a1e260d62fdc079ddae5293c037d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48821.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48821"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6cffd79504ce040f460831030d3069fa1c99bb71"},{"fixed":"4e6fd2b5fcf8e7119305a6042bd92e7f2b9ed215"},{"fixed":"a5ce7ee5fcc07583159f54ab4af5164de00148f5"},{"fixed":"e4382d0a39f9a1e260d62fdc079ddae5293c037d"},{"fixed":"76f85c307ef9f10aa2cef1b1d5ee654c1f3345fc"},{"fixed":"46963e2e0629cb31c96b1d47ddd89dc3d8990b34"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48821.json"}}],"schema_version":"1.7.5"}