{"id":"AZL-59142","summary":"CVE-2022-49359 affecting package kernel 5.15.200.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panfrost: Job should reference MMU not file_priv\n\nFor a while now it's been allowed for a MMU context to outlive it's\ncorresponding panfrost_priv, however the job structure still references\npanfrost_priv to get hold of the MMU context. If panfrost_priv has been\nfreed this is a use-after-free which I've been able to trigger resulting\nin a splat.\n\nTo fix this, drop the reference to panfrost_priv in the job structure\nand add a direct reference to the MMU structure which is what's actually\nneeded.","modified":"2026-04-01T05:19:25.056036Z","published":"2025-02-26T07:01:12Z","upstream":["CVE-2022-49359"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49359"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"5.15.200.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59142.json"}}],"schema_version":"1.7.5"}