CVE-2022-45884: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-45884) was discovered in the Linux kernel through version 6.0.9. The vulnerability exists in the drivers/media/dvb-core/dvbdev.c file and is related to dvbregisterdevice dynamically allocating fops. The issue was discovered in November 2022 and affects Linux kernel systems (NVD, Kernel Commit).

The vulnerability occurs when dvbregisterdevice() dynamically allocates fops with kmemdup() to set the fops->owner. These fops are registered in 'file->fops' using replacefops() during the dvbdeviceopen() process and are freed in dvbfreedevice(). The issue arises because it is uncommon to use dynamically allocated fops instead of 'static const' fops as an argument of replace_fops(). The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NetApp Advisory).

The vulnerability can affect any DVB type using dvbregisterdevice(), including dvbdvr, dvbdemux, dvbfrontend, and dvbnet. When successfully exploited, this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

A fix was implemented that changes how fops are handled in dvbregisterdevice(). Instead of freeing the fops during the .disconnect() process in dvbfreedevice(), they are now collectively freed in exit_dvbdev() when the dvbdev.c module is removed. The patch also implements checks to prevent memory leaks when the same device is probe()d repeatedly (Kernel Patch).