CVE-2022-49685

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue has been identified in the Linux kernel, specifically in the iio trigger sysfs. The problem occurs when the irq work has not completed before the trigger is freed, leading to a potential read of size 8 at an address that has already been freed. This issue is related to the irq work run list function and can be triggered through the sysfs kf write and kernfs fop write iter functions, which are used for writing to sysfs files. The estimated number of potentially affected devices worldwide is not available.

Recommendations Ensure that the irq work has completed before the trigger is freed. As a temporary workaround, consider disabling the irq work run list function until a patch is available. Restrict access to the vulnerable sysfs files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.