CVE-2022-49968

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ieee802154/adf7242: defer destroy_workqueue call<br /> <br /> There is a possible race condition (use-after-free) like below<br /> <br /> (FREE) | (USE)<br /> adf7242_remove | adf7242_channel<br /> cancel_delayed_work_sync |<br /> destroy_workqueue (1) | adf7242_cmd_rx<br /> | mod_delayed_work (2)<br /> |<br /> <br /> The root cause for this race is that the upper layer (ieee802154) is<br /> unaware of this detaching event and the function adf7242_channel can<br /> be called without any checks.<br /> <br /> To fix this, we can add a flag write at the beginning of adf7242_remove<br /> and add flag check in adf7242_channel. Or we can just defer the<br /> destructive operation like other commit 3e0588c291d6 ("hamradio: defer<br /> ax25 kfree after unregister_netdev") which let the<br /> ieee802154_unregister_hw() to handle the synchronization. This patch<br /> takes the second option.<br /> <br /> runs")