CVE-2022-49968

Publication date: 2025-06-18

Last updated on: 2025-11-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ieee802154/adf7242: defer destroy_workqueue call

There is a possible race condition (use-after-free) like below

  (FREE)                     |  (USE)
  adf7242_remove             |  adf7242_channel
   cancel_delayed_work_sync  |
    destroy_workqueue (1)    |   adf7242_cmd_rx
                             |    mod_delayed_work (2)
                             |

The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks.

To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option.
Meta Information
Published: 2025-06-18
Last Modified: 2025-11-13
Generated: 2026-05-07
AI Q&A: 2025-06-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 6.0
linux linux_kernel 6.0
linux linux_kernel 6.0
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition (use-after-free) in the Linux kernel's ieee802154/adf7242 driver. It occurs because the upper layer (ieee802154) is unaware of a detaching event, allowing the function adf7242_channel to be called without proper checks after the workqueue has been destroyed. This can lead to accessing freed memory, causing instability or crashes. The fix involves deferring the destruction of the workqueue to ensure proper synchronization.


How can this vulnerability impact me?

This vulnerability can cause system instability or crashes due to use-after-free errors in the Linux kernel's ieee802154/adf7242 driver. It may lead to unpredictable behavior or denial of service in systems using this driver.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by deferring the destroy_workqueue call in the ieee802154/adf7242 driver to avoid a race condition (use-after-free). Immediate mitigation would involve applying the patch that defers the destructive operation, allowing ieee802154_unregister_hw() to handle synchronization properly. Without a patch, there is no direct workaround mentioned.

