PT-2022-5935 · Linux+6 · Linux Kernel+6

Hyunwoo Kim · Published 2022-09-30 · Updated 2024-03-25 · CVE-2022-41849

CVSS v3.1: 4.2 (Medium)

Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.19.12

Description

The issue is a race condition in the Linux kernel, in the drivers/video/fbdev/smscufx.c file. It occurs when a physically proximate attacker removes a USB device while the open() function is being called, resulting in a use-after-free. The race is between the ufx_ops_open and ufx_usb_disconnect functions. This can potentially allow an attacker to cause a denial of service.

Recommendations

For Linux kernel versions prior to 5.19.12, update to version 5.19.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the ufx_ops_open function and the ufx_usb_disconnect function to minimize the risk of exploitation. Additionally, avoid removing USB devices while the open() function is being called to prevent the race condition from occurring.

Fix

Use After Free

Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2730
ALT-PU-2022-2860
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-11080
BDU:2022-07357
CVE-2022-41849
DLA-3244-1
DLA-3245-1
MGASA-2022-0442
MGASA-2022-0443
OESA-2022-2015
OESA-2022-2025
OESA-2022-2026
OPENSUSE-SU-2022_3585-1
OPENSUSE-SU-2022_3609-1
OPENSUSE-SU-2022_3775-1
OPENSUSE-SU-2022_3844-1
OPENSUSE-SU-2022_4617-1
SUSE-SU-2022:3585-1
SUSE-SU-2022:3609-1
SUSE-SU-2022:3704-1
SUSE-SU-2022:3775-1
SUSE-SU-2022:3809-1
SUSE-SU-2022:3844-1
SUSE-SU-2022:4617-1
USN-5793-1
USN-5793-2
USN-5793-3
USN-5793-4
USN-5851-1
USN-5853-1
USN-5854-1
USN-5860-1
USN-5861-1
USN-5862-1
USN-5865-1
USN-5874-1
USN-5875-1
USN-5876-1
USN-5877-1
USN-5883-1
USN-5909-1
USN-5918-1
USN-5924-1
USN-5975-1
USN-6001-1
USN-6007-1
USN-6013-1
USN-6014-1
USN-6031-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu