{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49685","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.441Z","datePublished":"2025-02-26T02:24:12.143Z","dateUpdated":"2025-05-04T08:43:17.291Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:43:17.291Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: trigger: sysfs: fix use-after-free on remove\n\nEnsure that the irq_work has completed before the trigger is freed.\n\n ==================================================================\n BUG: KASAN: use-after-free in irq_work_run_list\n Read of size 8 at addr 0000000064702248 by task python3/25\n\n Call Trace:\n  irq_work_run_list\n  irq_work_tick\n  update_process_times\n  tick_sched_handle\n  tick_sched_timer\n  __hrtimer_run_queues\n  hrtimer_interrupt\n\n Allocated by task 25:\n  kmem_cache_alloc_trace\n  iio_sysfs_trig_add\n  dev_attr_store\n  sysfs_kf_write\n  kernfs_fop_write_iter\n  new_sync_write\n  vfs_write\n  ksys_write\n  sys_write\n\n Freed by task 25:\n  kfree\n  iio_sysfs_trig_remove\n  dev_attr_store\n  sysfs_kf_write\n  kernfs_fop_write_iter\n  new_sync_write\n  vfs_write\n  ksys_write\n  sys_write\n\n =================================================================="}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/trigger/iio-trig-sysfs.c"],"versions":[{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"d6111e7bdb8ec27eb43d01c4cd4ff1620a75f7f2","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"fd5d8fb298a2866c337da635c79d63c3afabcaf7","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"31ff3309b47d98313c61b8301bf595820cc3cc33","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"5e39397d60dacc7f5d81d442c1c958eaaaf31128","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"b07a30a774b3c3e584a68dc91779c68ea2da4813","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"4687c3f955240ca2a576bdc3f742d4d915b6272d","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"4ef1e521be610b720daeb7cf899fedc7db0274c4","status":"affected","versionType":"git"},{"version":"f38bc926d022ebd67baad6ac7fc22c95fbc6238c","lessThan":"78601726d4a59a291acc5a52da1d3a0a6831e4e8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/trigger/iio-trig-sysfs.c"],"versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","status":"unaffected","versionType":"semver"},{"version":"4.9.321","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.286","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.250","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.202","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.127","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.51","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.8","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.9.321"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.14.286"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.19.250"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.4.202"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.127"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.15.51"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d6111e7bdb8ec27eb43d01c4cd4ff1620a75f7f2"},{"url":"https://git.kernel.org/stable/c/fd5d8fb298a2866c337da635c79d63c3afabcaf7"},{"url":"https://git.kernel.org/stable/c/31ff3309b47d98313c61b8301bf595820cc3cc33"},{"url":"https://git.kernel.org/stable/c/5e39397d60dacc7f5d81d442c1c958eaaaf31128"},{"url":"https://git.kernel.org/stable/c/b07a30a774b3c3e584a68dc91779c68ea2da4813"},{"url":"https://git.kernel.org/stable/c/4687c3f955240ca2a576bdc3f742d4d915b6272d"},{"url":"https://git.kernel.org/stable/c/4ef1e521be610b720daeb7cf899fedc7db0274c4"},{"url":"https://git.kernel.org/stable/c/78601726d4a59a291acc5a52da1d3a0a6831e4e8"}],"title":"iio: trigger: sysfs: fix use-after-free on remove","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"id":"CVE-2022-49685","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-02-27T18:15:09.914625Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-27T18:22:31.102Z"}}]}}