DEBIAN-CVE-2022-49493
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2022-49493
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49493.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-49493
- Upstream
- Published
- 2025-02-26T07:01:25Z
- Modified
- 2025-09-19T07:33:01.577722Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645i2cremove() first cancel the &rt5645->jackdetectwork and delete the &rt5645->btnchecktimer latter. However, since the timer handler rt5645btncheckcallback() will re-queue the jackdetectwork, this cleanup order is buggy. That is, once the deltimersync in rt5645i2cremove is concurrently run with the rt5645btncheckcallback, the canceled jackdetectwork will be rescheduled again, leading to possible use-after-free. This patch fix the issue by placing the deltimersync function before the canceldelayedwork_sync.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.127-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source