CVE-2022-49968

EPSS 0.01%
Veröffentlicht 18.06.2025 11:00:32
Zuletzt bearbeitet 13.11.2025 21:15:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

ieee802154/adf7242: defer destroy_workqueue call

There is a possible race condition (use-after-free) like below

  (FREE)                     |  (USE)
  adf7242_remove             |  adf7242_channel
   cancel_delayed_work_sync  |
    destroy_workqueue (1)    |   adf7242_cmd_rx
                             |    mod_delayed_work (2)
                             |

The root cause for this race is that the upper layer (ieee802154) is
unaware of this detaching event and the function adf7242_channel can
be called without any checks.

To fix this, we can add a flag write at the beginning of adf7242_remove
and add flag check in adf7242_channel. Or we can just defer the
destructive operation like other commit 3e0588c291d6 ("hamradio: defer
ax25 kfree after unregister_netdev") which let the
ieee802154_unregister_hw() to handle the synchronization. This patch
takes the second option.

runs")

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.17.19 < 4.18

Linux ≫ Linux Kernel Version >= 4.18.1 < 4.19.258

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.213

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.142

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.66

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.8

Linux ≫ Linux Kernel Version4.18 Update-

Linux ≫ Linux Kernel Version4.18 Updaterc6

Linux ≫ Linux Kernel Version4.18 Updaterc7

Linux ≫ Linux Kernel Version4.18 Updaterc8

Linux ≫ Linux Kernel Version6.0 Updaterc1

Linux ≫ Linux Kernel Version6.0 Updaterc2

Linux ≫ Linux Kernel Version6.0 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c

Patch

https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008

Patch

https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271

Patch

https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485

Patch

https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6

Patch

https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49968

EUVD