CVE-2022-50005

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free bug has been identified in the Linux kernel, specifically in the nfc: pn533 module. This issue arises when the pn532 uart device is detaching, and the pn532 uart remove() function is called without deleting the cmd timeout timer, leading to potential use-after-free bugs. The bug occurs due to a race condition between two threads, where one thread frees the pn532 structure while another thread attempts to access it. To fix this issue, a patch has been added to call del timer sync() in pn532 uart remove(), preventing the use-after-free bugs. Additionally, the pn53x unregister nfc() function is well-synchronized, setting nfc dev->shutting down to true and preventing syscalls from restarting the cmd timeout timer.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.