{"id":"CVE-2022-50745","summary":"staging: media: tegra-video: fix device_node use after free","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: media: tegra-video: fix device_node use after free\n\nAt probe time this code path is followed:\n\n * tegra_csi_init\n   * tegra_csi_channels_alloc\n     * for_each_child_of_node(node, channel) -- iterates over channels\n       * automatically gets 'channel'\n         * tegra_csi_channel_alloc()\n           * saves into chan-\u003eof_node a pointer to the channel OF node\n       * automatically gets and puts 'channel'\n       * now the node saved in chan-\u003eof_node has refcount 0, can disappear\n   * tegra_csi_channels_init\n     * iterates over channels\n       * tegra_csi_channel_init -- uses chan-\u003eof_node\n\nAfter that, chan-\u003eof_node keeps storing the node until the device is\nremoved.\n\nof_node_get() the node and of_node_put() it during teardown to avoid any\nrisk.","modified":"2026-03-20T12:22:37.797173Z","published":"2025-12-24T13:05:41.858Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50745.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0fd003d3c708c80350a815eaf37b8e1114b976cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5451efb2ca30f3c42b9efb8327ce35b62870dbd3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6512c9498fcb97e7c760e3ef86b2272f2c0f765f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c4d344163c3a7f90712525f931a6c016bbb35e18"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce50c612458091d926ccb05d7db11d9f93532db2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50745.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50745"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1ebaeb09830f36c1111b72a95420814225bd761c"},{"fixed":"5451efb2ca30f3c42b9efb8327ce35b62870dbd3"},{"fixed":"ce50c612458091d926ccb05d7db11d9f93532db2"},{"fixed":"6512c9498fcb97e7c760e3ef86b2272f2c0f765f"},{"fixed":"0fd003d3c708c80350a815eaf37b8e1114b976cf"},{"fixed":"c4d344163c3a7f90712525f931a6c016bbb35e18"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50745.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.10.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.87"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.18"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50745.json"}}],"schema_version":"1.7.5"}