CVE-2022-50005
Published: Jun 18, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout When the pn532 uart device is detaching, the pn532_uart_remove() is called. But there are no functions in pn532_uart_remove() that could delete the cmd_timeout timer, which will cause use-after-free bugs. The process is shown below: (thread 1) | (thread 2) | pn532_uart_send_frame pn532_uart_remove | mod_timer(&pn532->cmd_timeout,...) ... | (wait a time) kfree(pn532) //FREE | pn532_cmd_timeout | pn532_uart_send_frame | pn532->... //USE This patch adds del_timer_sync() in pn532_uart_remove() in order to prevent the use-after-free bugs. What's more, the pn53x_unregister_nfc() is well synchronized, it sets nfc_dev->shutting_down to true and there are no syscalls could restart the cmd_timeout timer.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 50403ee6daddf0d7a14e9d3b51a377c39a08ec8caffected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 9c34c33893db7a80d0e4b55c23d3b65e29609cfbaffected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < 2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5affected c656aa4c27b17a8c70da223ed5ab42145800d6b5 - < f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6 |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.140 - <= 5.10.*unaffected 5.15.64 - <= 5.15.*unaffected 5.19.6 - <= 5.19.*+1 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now