CVE-2022-50005

Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 18/06/2025
Last modified: 14/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout

When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below:

    (thread 1)                |  (thread 2)
                              |  pn532_uart_send_frame
    pn532_uart_remove         |    mod_timer(&pn532->cmd_timeout,...)
      ...                     |    (wait a time)
      kfree(pn532) //FREE     |    pn532_cmd_timeout
                              |      pn532_uart_send_frame
                              |        pn532->... //USE

This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer.
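The ordering described above, as an added userspace model that is not kernel code and not part of the original advisory or patch: every `sim_*` name and the struct layout are hypothetical, and the "free" is modelled with a flag so the stale access can be counted instead of corrupting memory. It shows why the timer must be cancelled before the owning object is released.

```c
#include <stdbool.h>
#include <stddef.h>
/* Userspace model (constructed): one-shot timer, analogous to struct timer_list. */
struct sim_timer {
    bool pending;
    unsigned long expires;
    void (*fn)(struct sim_timer *t);
};
/* Model of the driver state that embeds the timer (hypothetical layout). */
struct sim_pn532 {
    struct sim_timer cmd_timeout;
    bool freed;     /* stands in for kfree(); storage is kept so the bug is observable */
    int uaf_hits;   /* times the handler touched the object after the "free" */
};

static void sim_mod_timer(struct sim_timer *t, unsigned long expires) {
    t->expires = expires;
    t->pending = true;
}
/* Analogue of del_timer_sync(): once it returns, the handler can no longer fire. */
static void sim_del_timer(struct sim_timer *t) { t->pending = false; }

/* Advance the simulated clock to `now` and fire the timer if it is due. */
static void sim_run_timers(struct sim_timer *t, unsigned long now) {
    if (t->pending && now >= t->expires) {
        t->pending = false;
        t->fn(t);
    }
}

static void sim_cmd_timeout(struct sim_timer *t) {
    /* Recover the owning object from the embedded timer (container_of pattern). */
    struct sim_pn532 *dev =
        (struct sim_pn532 *)((char *)t - offsetof(struct sim_pn532, cmd_timeout));
    if (dev->freed)
        dev->uaf_hits++;   /* corresponds to "pn532->... //USE" in the diagram */
}

static void sim_remove(struct sim_pn532 *dev, bool cancel_timer) {
    if (cancel_timer)
        sim_del_timer(&dev->cmd_timeout);   /* the step the fix adds */
    dev->freed = true;                      /* "kfree(pn532) //FREE" */
}
/* Replays the advisory's sequence; returns the number of stale accesses. */
int run_scenario(bool cancel_timer) {
    struct sim_pn532 dev = { .cmd_timeout = { .fn = sim_cmd_timeout } };
    sim_mod_timer(&dev.cmd_timeout, 10);    /* send_frame arms cmd_timeout */
    sim_remove(&dev, cancel_timer);         /* device detaches */
    sim_run_timers(&dev.cmd_timeout, 20);   /* timeout elapses after removal */
    return dev.uaf_hits;
}
```

The model is single-threaded, so it captures only the cancel-before-free ordering; the real del_timer_sync() additionally waits for a handler already running on another CPU.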

Vulnerable products and versions

CPE                                                 From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.5 (including)    5.10.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.11 (including)   5.15.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*        5.16 (including)   5.19.6 (excluding)
cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*