PT-2025-8629 · Linux · Linux Kernel

Syzbot · Published 2022-06-17 · Updated 2025-02-27 · CVE-2022-49696

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.18.0-rc4

Description

A use-after-free issue was found in the Linux kernel, specifically in the tipc_named_reinit() function. The issue was identified by syzbot and is related to a deadlock when flushing scheduled work. It occurs because cancel_work_sync() does not guarantee that the work it waits for is the last one queued, so a destroyed instance can be accessed by work that tries to enqueue later. The estimated number of potentially affected devices is not provided.

Recommendations

For Linux kernel versions prior to 5.18.0-rc4, consider applying the patch that reorders the call to cancel_work_sync() so that the work tipc_net_finalize_work() is the last one queued and is completed by the call to cancel_work_sync(). As a temporary workaround, consider disabling the tipc_named_reinit() function until a patch is available. Restrict access to the net/tipc/name_distr.c module to minimize the risk of exploitation. Avoid using the tipc_net_finalize_work() function in the affected kernel versions until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2025-04473
CVE-2022-49696
RHSA-2025:9493
RHSA-2025:9494
RHSA-2025:9497
RHSA-2025:9498

Affected Products

Astra Linux
Linux Kernel