{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-49493", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.585Z", "datePublished": "2025-02-26T02:13:29.518Z", "dateUpdated": "2026-05-11T19:00:58.111Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:00:58.111Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and\ndelete the &rt5645->btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/rt5645.c"], "versions": [{"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "236d29c5857f02e0a53fdf15d3dce1536c4322ce", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "0941150100173d4eaf3fe08ff4b16740e7c3026f", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "abe7554da62cb489712a54de69ef5665c250e564", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "1a5a3dfd9f172dcb115072f0aea5e27d3083c20e", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "061a6159cea583f1155f67d1915917a6b9282662", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "88c09e4812d72c3153afc8e5a45ecac2d0eae3ff", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "453f0920ffc1a28e28ddb9c3cd5562472b2895b0", "status": "affected", "versionType": "git"}, {"version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "2def44d3aec59e38d2701c568d65540783f90f2f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["sound/soc/codecs/rt5645.c"], "versions": [{"version": "4.13", "status": "affected"}, {"version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.283", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.247", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "4.14.283"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "4.19.247"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.13", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce"}, {"url": "https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f"}, {"url": "https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564"}, {"url": "https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e"}, {"url": "https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662"}, {"url": "https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff"}, {"url": "https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0"}, {"url": "https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f"}], "title": "ASoC: rt5645: Fix errorenous cleanup order", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T18:15:46.025138Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T18:22:32.146Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-49493", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T18:15:46.025138Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T18:15:47.592Z"}}], "cna": {"title": "ASoC: rt5645: Fix errorenous cleanup order", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "236d29c5857f02e0a53fdf15d3dce1536c4322ce", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "0941150100173d4eaf3fe08ff4b16740e7c3026f", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "abe7554da62cb489712a54de69ef5665c250e564", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "1a5a3dfd9f172dcb115072f0aea5e27d3083c20e", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "061a6159cea583f1155f67d1915917a6b9282662", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "88c09e4812d72c3153afc8e5a45ecac2d0eae3ff", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "453f0920ffc1a28e28ddb9c3cd5562472b2895b0", "versionType": "git"}, {"status": "affected", "version": "a6ff8ddcf3f38ec84337e5e7eb3e0e9a73754cf5", "lessThan": "2def44d3aec59e38d2701c568d65540783f90f2f", "versionType": "git"}], "programFiles": ["sound/soc/codecs/rt5645.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.13"}, {"status": "unaffected", "version": "0", "lessThan": "4.13", "versionType": "semver"}, {"status": "unaffected", "version": "4.14.283", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.247", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.198", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.121", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.46", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.17.14", "versionType": "semver", "lessThanOrEqual": "5.17.*"}, {"status": "unaffected", "version": "5.18.3", "versionType": "semver", "lessThanOrEqual": "5.18.*"}, {"status": "unaffected", "version": "5.19", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["sound/soc/codecs/rt5645.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce"}, {"url": "https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f"}, {"url": "https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564"}, {"url": "https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e"}, {"url": "https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662"}, {"url": "https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff"}, {"url": "https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0"}, {"url": "https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and\ndelete the &rt5645->btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.14.283", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.121", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.46", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.17.14", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.18.3", "versionStartIncluding": "4.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.19", "versionStartIncluding": "4.13"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T19:00:58.111Z"}}}, "cveMetadata": {"cveId": "CVE-2022-49493", "state": "PUBLISHED", "dateUpdated": "2026-05-11T19:00:58.111Z", "dateReserved": "2025-02-26T02:08:31.585Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2025-02-26T02:13:29.518Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D4D4067-974D-4560-8320-22FDA399E3F9", "versionEndExcluding": "4.9.318", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6823775-2653-4644-A0D4-4E6E68F10C65", "versionEndExcluding": "4.14.283", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8CFA0F4-2D75-41F4-9753-87944A08B53B", "versionEndExcluding": "4.19.247", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC49633-14DE-4EBD-BB80-76AE2E3EABB9", "versionEndExcluding": "5.4.198", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "34ACD872-E5BC-401C-93D5-B357A62426E0", "versionEndExcluding": "5.10.121", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "20D41697-0E8B-4B7D-8842-F17BF2AA21E1", "versionEndExcluding": "5.15.46", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15E2DD33-2255-4B76-9C15-04FF8CBAB252", "versionEndExcluding": "5.17.14", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix errorenous cleanup order\n\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and\ndelete the &rt5645->btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\n\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\n\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: rt5645: Se corrige el orden de depuraci\u00f3n err\u00f3neo Hay un error l\u00f3gico al eliminar el dispositivo rt5645, ya que la funci\u00f3n rt5645_i2c_remove() primero cancela &rt5645->jack_detect_work y elimina &rt5645->btn_check_timer despu\u00e9s. Sin embargo, dado que el controlador del temporizador rt5645_btn_check_callback() volver\u00e1 a poner en cola jack_detect_work, este orden de limpieza tiene errores. Es decir, una vez que del_timer_sync en rt5645_i2c_remove se ejecuta simult\u00e1neamente con rt5645_btn_check_callback, el jack_detect_work cancelado se reprogramar\u00e1 nuevamente, lo que provocar\u00e1 un posible use-after-free. Este parche soluciona el problema colocando la funci\u00f3n del_timer_sync antes de cancel_delayed_work_sync."}], "id": "CVE-2022-49493", "lastModified": "2025-09-03T17:15:32.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-26T07:01:25.520", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: ASoC: rt5645: Fix errorenous cleanup order", "id": "2348235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348235"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nASoC: rt5645: Fix errorenous cleanup order\nThere is a logic error when removing rt5645 device as the function\nrt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and\ndelete the &rt5645->btn_check_timer latter. However, since the timer\nhandler rt5645_btn_check_callback() will re-queue the jack_detect_work,\nthis cleanup order is buggy.\nThat is, once the del_timer_sync in rt5645_i2c_remove is concurrently\nrun with the rt5645_btn_check_callback, the canceled jack_detect_work\nwill be rescheduled again, leading to possible use-after-free.\nThis patch fix the issue by placing the del_timer_sync function before\nthe cancel_delayed_work_sync."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module snd-soc-rt5645 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2022-49493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49493\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49493\nhttps://lore.kernel.org/linux-cve-announce/2025022606-CVE-2022-49493-a2ff@gregkh/T"], "statement": "The bug could happen only when removing device, so the security impact is limited (and only privileged user can do remove device or remove driver of device). If sound device RT5645 not being used, then bug not triggerable. The complexity to trigger the bug is high, because could happen only as result kind of race condition (if triggered by timer fast enough in particular period of time during device removing).", "threat_severity": "Moderate"}

{}