CVE-2022-45919: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-45919) was discovered in the Linux kernel through version 6.0.10. The vulnerability exists in the drivers/media/dvb-core/dvbcaen50221.c file, where a use-after-free condition can occur if there is a disconnect after an open operation, due to the lack of a wait_event implementation (NVD, Debian Tracker).

The vulnerability stems from a race condition in the DVB Core driver's CA EN50221 implementation. The issue occurs when the device node is opened and subsequently disconnected, leading to a potential use-after-free condition during the close operation. The root cause was identified as missing wakeup() and waitevent() implementations for dvbdev->wait_queue. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Kernel Patch, NetApp Advisory).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability requires local access and high complexity to exploit, but could result in high impacts to confidentiality, integrity, and availability (NetApp Advisory).

A fix has been implemented that adds a 'removemutex' to prevent race conditions for 'ca->exit' and implements proper waitevent functionality in dvbcaen50221_release(). The patch has been merged into the Linux kernel mainline (Kernel Patch).