CVE-2022-50305Use After Free in Linux

CWE-416Use After FreeCWE-362Race Condition4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_remove() calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling cancel_delayed_work_sync(), which ensures that the work is properly cancelled

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDlinux/linux_kernel6.0.116.0.16+2
CVEListV5linux/linuxb60ee210a76cabdc2dd5396de299a1860b4945cdb85102a3aa3810a09eb55692e8cd6ffbb304e57d+3

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2022-50305: In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_re2025-09-15
GHSA
GHSA-3h5g-cg8f-5hwj: In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_2025-09-15

📋Vendor Advisories

1
Red Hat
kernel: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove()2025-09-15
CVE-2022-50305 — Use After Free in Linux | cvebase