CVE-2022-48984

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.8-1-default

Description A crash in the slcan driver occurs due to a freed work crash. The LTP test pty03 causes this crash, resulting in a kernel NULL pointer dereference. The issue arises when the slcan's tx work is freed while being scheduled, and the work is not flushed under all circumstances.

Recommendations To resolve the issue, add an additional flush work() to slcan close() to ensure the work is flushed under all circumstances. Consider temporarily disabling the slcan driver until a patch is available. Restrict access to the vulnerable slcan module to minimize the risk of exploitation. Avoid using the tx work variable in the affected slcan driver until the issue is resolved.