CVE-2022-49968
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49968
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49968.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49968
- Downstream
- Related
- Published
- 2025-06-18T11:15:24Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ieee802154/adf7242: defer destroy_workqueue call
There is a possible race condition (use-after-free) like below
(FREE) | (USE) adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue (1) | adf7242cmdrx | moddelayedwork (2) |
The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks.
To fix this, we can add a flag write at the beginning of adf7242remove and add flag check in adf7242channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregisternetdev") which let the ieee802154unregister_hw() to handle the synchronization. This patch takes the second option.
runs")
- References
-
- https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6
- https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271
- https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485
- https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf
- https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008
- https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c