DEBIAN-CVE-2022-49968
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-49968
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2022-49968.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2022-49968
- Upstream
- Published
- 2025-06-18T11:15:24Z
- Modified
- 2025-09-30T05:15:59.968138Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroyworkqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242remove | adf7242channel canceldelayedworksync | destroyworkqueue (1) | adf7242cmdrx | moddelayedwork (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242channel can be called without any checks. To fix this, we can add a flag write at the beginning of adf7242remove and add flag check in adf7242channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregisternetdev") which let the ieee802154unregister_hw() to handle the synchronization. This patch takes the second option. runs")
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.148-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source