PT-2022-6833 · Linux+3 · Linux Kernel+3

Hyunwoo Kim

Published

2022-10-30

Updated

2026-05-26

CVE-2022-44033

CVSS v3.1

6.4

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 6.0.6

Description The issue is related to a race condition between the cm4040 open() and reader detach() functions in the drivers/char/pcmcia/cm4040 cs.c module. This condition can lead to a use-after-free scenario if a physically proximate attacker removes a PCMCIA device while the open() function is being called. The exploitation of this issue may allow an attacker to cause a denial of service or have other impacts.

Recommendations For Linux kernel versions through 6.0.6, as a temporary workaround, consider disabling the cm4040 open() function until a patch is available. Restrict access to the drivers/char/pcmcia/cm4040 cs.c module to minimize the risk of exploitation. Avoid using the open() function with PCMCIA devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2022-2993

ALT-PU-2022-3060

ALT-PU-2022-3364

ALT-PU-2022-3371

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-11381

BDU:2023-04895

CVE-2022-44033

ECHO-102C-1BE0-CECA

OESA-2023-1779

OESA-2023-1780

OESA-2023-1781

OESA-2023-1782

OESA-2023-1783

OPENSUSE-SU-2024:12470-1

OPENSUSE-SU-2024:13704-1

SUSE-SU-2023:0416-1

Affected Products

Alt Linux

Debian

Linux Kernel

Suse

PT-2022-6833 · Linux+3 · Linux Kernel+3

CVE-2022-44033

Weakness Enumeration

Related Identifiers

Affected Products

References · 360