Bug 2348138 (CVE-2022-49685) - CVE-2022-49685 kernel: iio: trigger: sysfs: fix use-after-free on remove
Summary: CVE-2022-49685 kernel: iio: trigger: sysfs: fix use-after-free on remove
Keywords:
Status: NEW
Alias: CVE-2022-49685
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:18 UTC by OSIDB Bzimport
Modified: 2025-02-26 20:43 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:18:56 UTC 
In the Linux kernel, the following vulnerability has been resolved:

iio: trigger: sysfs: fix use-after-free on remove

Ensure that the irq_work has completed before the trigger is freed.

 ==================================================================
 BUG: KASAN: use-after-free in irq_work_run_list
 Read of size 8 at addr 0000000064702248 by task python3/25

 Call Trace:
  irq_work_run_list
  irq_work_tick
  update_process_times
  tick_sched_handle
  tick_sched_timer
  __hrtimer_run_queues
  hrtimer_interrupt

 Allocated by task 25:
  kmem_cache_alloc_trace
  iio_sysfs_trig_add
  dev_attr_store
  sysfs_kf_write
  kernfs_fop_write_iter
  new_sync_write
  vfs_write
  ksys_write
  sys_write

 Freed by task 25:
  kfree
  iio_sysfs_trig_remove
  dev_attr_store
  sysfs_kf_write
  kernfs_fop_write_iter
  new_sync_write
  vfs_write
  ksys_write
  sys_write

 ==================================================================
Comment 1 Avinash Hanwate 2025-02-26 20:32:29 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022626-CVE-2022-49685-3634@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.