CVE-2022-50005

EPSS 0.02%
Veröffentlicht 18.06.2025 11:01:10
Zuletzt bearbeitet 14.11.2025 16:51:49
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout

When the pn532 uart device is detaching, the pn532_uart_remove()
is called. But there are no functions in pn532_uart_remove() that
could delete the cmd_timeout timer, which will cause use-after-free
bugs. The process is shown below:

    (thread 1)                  |        (thread 2)
                                |  pn532_uart_send_frame
pn532_uart_remove               |    mod_timer(&pn532->cmd_timeout,...)
  ...                           |    (wait a time)
  kfree(pn532) //FREE           |    pn532_cmd_timeout
                                |      pn532_uart_send_frame
                                |        pn532->... //USE

This patch adds del_timer_sync() in pn532_uart_remove() in order to
prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()
is well synchronized, it sets nfc_dev->shutting_down to true and there
are no syscalls could restart the cmd_timeout timer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.140

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.64

Linux ≫ Linux Kernel Version >= 5.16 < 5.19.6

Linux ≫ Linux Kernel Version6.0 Updaterc1

Linux ≫ Linux Kernel Version6.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c

Patch

https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb

Patch

https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5

Patch

https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50005

EUVD