CVE-2022-49493
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49493 is a logic error in the Linux kernel's ASoC (Audio Subsystem On Chip) driver for the rt5645 chip. The flaw is in the order of cleanup operations when an rt5645 device is removed. The function rt5645_i2c_remove first cancels jack_detect_work and then deletes btn_check_timer. Because the timer handler rt5645_btn_check_callback can re-queue jack_detect_work, the work can be queued again after it has already been cancelled, which leads to a potential use-after-free. The patch fixes the issue by swapping the order of the del_timer_sync and cancel_delayed_work_sync calls.
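The ordering problem described in the summary, as an added userspace model (not the kernel driver's code and not taken from the patch). The struct, the helper names and the single forced interleaving, in which the timer handler fires between the two cleanup steps, are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed userspace model, not kernel code. */
struct model_dev {
    bool timer_armed;  /* stands in for btn_check_timer being pending */
    bool work_queued;  /* stands in for jack_detect_work being pending */
};

/* Stands in for rt5645_btn_check_callback: an armed timer re-queues the work. */
static void timer_fires(struct model_dev *d)
{
    if (d->timer_armed)
        d->work_queued = true;
}

/* Stand-ins for cancel_delayed_work_sync() and del_timer_sync(). */
static void model_cancel_work(struct model_dev *d) { d->work_queued = false; }
static void model_del_timer(struct model_dev *d)   { d->timer_armed = false; }

/*
 * Run the remove path with the timer handler firing between the two
 * cleanup steps. Returns true if work is still queued when remove
 * finishes, i.e. it would later run against freed driver data.
 */
static bool stale_work_after_remove(bool timer_first)
{
    struct model_dev d = { .timer_armed = true, .work_queued = true };

    if (timer_first) {          /* patched order */
        model_del_timer(&d);
        timer_fires(&d);        /* no-op: timer is already gone */
        model_cancel_work(&d);
    } else {                    /* order before the patch */
        model_cancel_work(&d);
        timer_fires(&d);        /* handler re-queues the cancelled work */
        model_del_timer(&d);
    }
    return d.work_queued;
}

int main(void)
{
    printf("old order leaves work queued: %d\n", stale_work_after_remove(false));
    printf("patched order leaves work queued: %d\n", stale_work_after_remove(true));
    return 0;
}
```

The general rule the model illustrates: during teardown, stop whatever can schedule work before cancelling the work it schedules.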
Affected Products
- Linux Kernel
Affected Vendors
- LINUX