CVE-2022-49493: ASoC: rt5645: Fix errorenous cleanup order
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete the &rt5645->btn_check_timer latter. However, since the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_check_callback, the canceled jack_detect_work will be rescheduled again, leading to possible use-after-free. This patch fix the issue by placing the del_timer_sync function before the cancel_delayed_work_sync.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | <4.9.318 | |
| Linux Kernel | >=4.10<4.14.283 | |
| Linux Kernel | >=4.15<4.19.247 | |
| Linux Kernel | >=4.20<5.4.198 | |
| Linux Kernel | >=5.5<5.10.121 | |
| Linux Kernel | >=5.11<5.15.46 | |
| Linux Kernel | >=5.16<5.17.14 | |
| Linux Kernel | >=5.18<5.18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/7d801e807536a9a9c2146c5f4a5836f154517ed3
- https://git.kernel.org/stable/c/236d29c5857f02e0a53fdf15d3dce1536c4322ce
- https://git.kernel.org/stable/c/0941150100173d4eaf3fe08ff4b16740e7c3026f
- https://git.kernel.org/stable/c/abe7554da62cb489712a54de69ef5665c250e564
- https://git.kernel.org/stable/c/1a5a3dfd9f172dcb115072f0aea5e27d3083c20e
- https://git.kernel.org/stable/c/061a6159cea583f1155f67d1915917a6b9282662
- https://git.kernel.org/stable/c/88c09e4812d72c3153afc8e5a45ecac2d0eae3ff
- https://git.kernel.org/stable/c/453f0920ffc1a28e28ddb9c3cd5562472b2895b0
- https://git.kernel.org/stable/c/2def44d3aec59e38d2701c568d65540783f90f2f
Frequently Asked Questions
What is the severity of CVE-2022-49493?
CVE-2022-49493 has been assigned a severity level that indicates a logic error in the cleanup process when removing the rt5645 device in the Linux kernel.
How do I fix CVE-2022-49493?
To resolve CVE-2022-49493, upgrade to a patched version of the Linux kernel that addresses the erroneous cleanup order in the rt5645 device.
What versions of the Linux kernel are affected by CVE-2022-49493?
CVE-2022-49493 affects multiple versions of the Linux kernel, specifically versions from 4.9 to 5.18.3.
What impact does CVE-2022-49493 have on system security?
The impact of CVE-2022-49493 may lead to potential stability issues when managing the rt5645 audio device, which can affect overall system performance.
Is CVE-2022-49493 a remote code execution vulnerability?
CVE-2022-49493 is not classified as a remote code execution vulnerability; it is related to a local logic error during device cleanup.
- agent/first-publish-date
- agent/type
- agent/references
- agent/title
- agent/author
- agent/source
- agent/description
- agent/severity
- agent/guess-ai
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.18