CVE-2022-49968
ieee802154/adf7242: defer destroy_workqueue call
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
ieee802154/adf7242: defer destroy_workqueue call
In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks. To fix this, we can add a flag write at the beginning of adf7242_remove and add flag check in adf7242_channel. Or we can just defer the destructive operation like other commit 3e0588c291d6 ("hamradio: defer ax25 kfree after unregister_netdev") which let the ieee802154_unregister_hw() to handle the synchronization. This patch takes the second option. runs")
Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linuxgit.kernel.org/...c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c
git.kernel.org/...c/bed12d7531df1417fc92c691999ff95e03835008
git.kernel.org/...c/23a29932715ca43bceb2eae1bdb770995afe7271
git.kernel.org/...c/9f8558c5c642c62c450c98c99b7d18a709fff485
git.kernel.org/...c/15f3b89bd521d5770d36a61fc04a77c293138ba6
git.kernel.org/...c/afe7116f6d3b888778ed6d95e3cf724767b9aedf
Support options
