PT-2022-6834 · Linux+3 · Linux Kernel+3

Hyunwoo Kim

Published

2022-10-30

Updated

2026-05-26

CVE-2022-44032

CVSS v3.1

6.4

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.7

Description The issue is related to a race condition between the cmm open() and cm4000 detach() functions in the drivers/char/pcmcia/cm4040 cs.c module, leading to a use-after-free condition. This can be triggered by removing a PCMCIA device while the open() function is being called, potentially allowing an attacker to cause a denial of service or other impact.

Recommendations For Linux kernel versions prior to 6.0.7, consider disabling the cmm open() function or restricting access to the cm4040 cs.c module until a patch is available. As a temporary workaround, avoid removing PCMCIA devices while the open() function is being called to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2022-2993

ALT-PU-2022-3060

ALT-PU-2022-3364

ALT-PU-2022-3371

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-11380

BDU:2023-04896

CVE-2022-44032

ECHO-8C22-3460-CD2B

OPENSUSE-SU-2024:12470-1

OPENSUSE-SU-2024:13704-1

SUSE-SU-2023:0416-1

Affected Products

Alt Linux

Debian

Linux Kernel

Suse

PT-2022-6834 · Linux+3 · Linux Kernel+3

CVE-2022-44032

Weakness Enumeration

Related Identifiers

Affected Products

References · 335