CVE-2022-49968

MEDIUM EPSS 3.2%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks. To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option. runs")

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-362
CWE-416 Use After Free Memory Safety

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥4.17.19  –  <4.18
linuxlinux_kernel*≥4.18.1  –  <4.19.258
linuxlinux_kernel*≥4.20  –  <5.4.213
linuxlinux_kernel*≥5.5  –  <5.10.142
linuxlinux_kernel*≥5.11  –  <5.15.66
linuxlinux_kernel*≥5.16  –  <5.19.8
linuxlinux_kernel4.18any
linuxlinux_kernel4.18any
linuxlinux_kernel4.18any
linuxlinux_kernel4.18any
linuxlinux_kernel6.0any
linuxlinux_kernel6.0any
linuxlinux_kernel6.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c
    Patch