CVE-2022-49968

{"id": "CVE-2022-49968", "cveTags": [], "metrics": {}, "published": "2025-06-18T11:15:24.123", "references": [{"url": "https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n (FREE) | (USE)\n adf7242_remove | adf7242_channel\n cancel_delayed_work_sync |\n destroy_workqueue (1) | adf7242_cmd_rx\n | mod_delayed_work (2)\n |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")"}], "lastModified": "2025-06-18T13:46:52.973", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}