{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49968","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.384Z","datePublished":"2025-06-18T11:00:32.443Z","dateUpdated":"2026-05-11T19:10:11.089Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:10:11.089Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154/adf7242: defer destroy_workqueue call\n\nThere is a possible race condition (use-after-free) like below\n\n  (FREE)                     |  (USE)\n  adf7242_remove             |  adf7242_channel\n   cancel_delayed_work_sync  |\n    destroy_workqueue (1)    |   adf7242_cmd_rx\n                             |    mod_delayed_work (2)\n                             |\n\nThe root cause for this race is that the upper layer (ieee802154) is\nunaware of this detaching event and the function adf7242_channel can\nbe called without any checks.\n\nTo fix this, we can add a flag write at the beginning of adf7242_remove\nand add flag check in adf7242_channel. Or we can just defer the\ndestructive operation like other commit 3e0588c291d6 (\"hamradio: defer\nax25 kfree after unregister_netdev\") which let the\nieee802154_unregister_hw() to handle the synchronization. This patch\ntakes the second option.\n\nruns\")"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ieee802154/adf7242.c"],"versions":[{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"dede80aaf01f4b6e8657d23726cb4a3da226ec4c","status":"affected","versionType":"git"},{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"bed12d7531df1417fc92c691999ff95e03835008","status":"affected","versionType":"git"},{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"23a29932715ca43bceb2eae1bdb770995afe7271","status":"affected","versionType":"git"},{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"9f8558c5c642c62c450c98c99b7d18a709fff485","status":"affected","versionType":"git"},{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"15f3b89bd521d5770d36a61fc04a77c293138ba6","status":"affected","versionType":"git"},{"version":"58e9683d14752debc6f22daf6b23e031787df31f","lessThan":"afe7116f6d3b888778ed6d95e3cf724767b9aedf","status":"affected","versionType":"git"},{"version":"a2363e2d88bf50022ee643c49ee5d4f7e8c915ea","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ieee802154/adf7242.c"],"versions":[{"version":"4.18","status":"affected"},{"version":"0","lessThan":"4.18","status":"unaffected","versionType":"semver"},{"version":"4.19.258","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.213","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.142","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.66","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.8","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"4.19.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.4.213"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.10.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.15.66"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"5.19.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18","versionEndExcluding":"6.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.17.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/dede80aaf01f4b6e8657d23726cb4a3da226ec4c"},{"url":"https://git.kernel.org/stable/c/bed12d7531df1417fc92c691999ff95e03835008"},{"url":"https://git.kernel.org/stable/c/23a29932715ca43bceb2eae1bdb770995afe7271"},{"url":"https://git.kernel.org/stable/c/9f8558c5c642c62c450c98c99b7d18a709fff485"},{"url":"https://git.kernel.org/stable/c/15f3b89bd521d5770d36a61fc04a77c293138ba6"},{"url":"https://git.kernel.org/stable/c/afe7116f6d3b888778ed6d95e3cf724767b9aedf"}],"title":"ieee802154/adf7242: defer destroy_workqueue call","x_generator":{"engine":"bippy-1.2.0"}}}}