Detections
Analytics

CVE-2022-49968

medium

Description

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks. To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option. runs")

References

https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c

https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008

https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf

https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485

https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271

https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6

Details

Source: Mitre, NVD

Published: 2025-06-18

Updated: 2025-06-18

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00024