CVE-2022-49505
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-49505 is a vulnerability in the Linux kernel affecting the NFC (Near Field Communication) subsystem. The issue arises from assumptions made in commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device"), which result in a NULL pointer dereference and a use-after-free condition. This can lead to a kernel crash, as evidenced by the provided crash trace. The vulnerability exists because the unregistered rfkill object remains accessible after the device is unregistered. This issue has been resolved in the latest kernel version (5.18-rc2).
Affected Products
- Linux Kernel
Affected Vendors
- LINUX