CVE-2022-49059
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416
Summary
CVE-2022-49059 is a use-after-free (UAF) vulnerability in the Linux kernel's NFC subsystem. It arises from an unexpected scheduling race between the cleanup routine and the timer or workqueue, which allows the cmd_timer to be re-attached after it has been detached and released. The resulting UAF can be easily triggered and can cause a system crash. The affected components include nci_dev_up(), nci_open_device(), and nci_unregister_device(). The vulnerability was discovered during the execution of nci_free_device() and nci_cmd_work().
Affected Products
- Linux Kernel
Affected Vendors
- LINUX