PT-2025-37607 · Linux+1 · Linux Kernel+1

Published 2022-12-05 · Updated 2025-09-20 · CVE-2022-50305

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw within the ASoC sof_es8336 driver. The sof_es8336_remove() function calls cancel_delayed_work(), which does not guarantee completion of the associated work function before the driver's remove function finishes. This can lead to a use-after-free condition if the callback function continues to execute after the driver has been removed. The issue is addressed by using cancel_delayed_work_sync(), which ensures the work is cancelled and cannot be rescheduled.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
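
The race in the description, as an added userspace model using pthreads; it is not kernel code and not taken from the driver or from this advisory. The struct, field and function names are hypothetical, and a joined thread stands in for the work item that cancel_delayed_work_sync() waits on.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct card_priv {                /* hypothetical stand-in for driver private data */
    pthread_t worker;             /* stands in for the workqueue thread */
    atomic_bool running;          /* true while the work callback executes */
    atomic_bool settled;          /* modelled hardware delay is over */
    int pop_state;                /* field the callback writes */
};

static void *work_fn(void *arg)   /* models the delayed-work callback */
{
    struct card_priv *p = arg;
    atomic_store(&p->running, true);
    while (!atomic_load(&p->settled))
        sched_yield();            /* callback is mid-flight */
    p->pop_state = 1;             /* touches priv: use-after-free if freed */
    atomic_store(&p->running, false);
    return NULL;
}

/* True if the callback is still executing at the point remove() returns. */
static bool callback_in_flight_after_remove(bool use_sync)
{
    struct card_priv *p = calloc(1, sizeof(*p));
    if (!p || pthread_create(&p->worker, NULL, work_fn, p) != 0)
        abort();
    while (!atomic_load(&p->running))
        sched_yield();            /* delay expired, callback has started */
    if (use_sync) {               /* cancel_delayed_work_sync(): wait for it */
        atomic_store(&p->settled, true);
        pthread_join(p->worker, NULL);
    }                             /* else cancel_delayed_work(): no waiting */
    bool in_flight = atomic_load(&p->running);  /* remove() returns here */
    if (!use_sync) {              /* model only: finish before freeing */
        atomic_store(&p->settled, true);
        pthread_join(p->worker, NULL);
    }
    free(p);
    return in_flight;
}

int main(void)
{
    return callback_in_flight_after_remove(true);  /* 0: sync variant is safe */
}
```

In the non-sync case the model delays the free until the callback has finished so the demonstration itself stays memory-safe; in the driver, the private data would be released while the callback is still running.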

Exploit

Use After Free

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2026-02048
CVE-2022-50305

Affected Products

Linux Kernel
Sof Es8336