PT-2025-25894 · Linux+2 · Linux Kernel+2

Published: 2022-08-23 · Updated: 2025-07-28 · CVE-2022-49968

CVSS v2.0: 7.7 (High)

Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A possible race condition leading to a use-after-free has been identified in the Linux kernel. The issue arises from a lack of synchronization between the upper layer (ieee802154) and the detaching event, which allows adf7242_channel() to be called without proper checks. The root cause is that the upper layer is unaware of the detaching event.

Recommendations

To fix this issue, consider adding a flag write at the beginning of adf7242_remove() and a flag check in adf7242_channel(). Alternatively, defer the destructive operation, as other commits do, so that ieee802154_unregister_hw() handles the synchronization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2026-02659
CVE-2022-49968
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
Linux Kernel
Suse