CVE-2022-49059

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.18.0-rc2

Description A use-after-free bug has been identified in the Linux kernel's NFC subsystem, specifically in the nci device detachment process. This issue arises due to a race condition between the cleanup routine and the worker thread, where the cleanup routine assumes the cmd timer has been detached, but the mod timer can re-attach it, resulting in a use-after-free error. The bug can be easily triggered, and a proof-of-concept crash trace has been provided.

Recommendations For Linux kernel versions prior to 5.18.0-rc2, consider applying a patch that adds a flush workqueue to prevent the use-after-free bug. As a temporary workaround, consider disabling the nci device detachment process until a patch is available. Restrict access to the nci cmd work function to minimize the risk of exploitation. Avoid using the cmd timer and cmd workqueue in the affected NFC subsystem until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.