CVE-2022-49493
Published: 26 February 2025
Summary
CVE-2022-49493 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 21.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2022-49493 is a use-after-free vulnerability in the Linux kernel's ASoC rt5645 driver. The issue stems from a logic error in the rt5645_i2c_remove() function, which cancels the jack_detect_work before deleting the btn_check_timer. Since the timer's handler, rt5645_btn_check_callback(), re-queues the jack_detect_work, this order can lead to the canceled work being rescheduled during concurrent execution of del_timer_sync, resulting in a use-after-free (CWE-416).
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), as indicated by its CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution, data corruption, or system crashes on affected systems using the rt5645 audio codec driver.
The referenced kernel stable commits provide the fix by reordering the cleanup to call del_timer_sync before cancel_delayed_work_sync in rt5645_i2c_remove(), preventing the race condition. Security practitioners should apply these patches to vulnerable Linux kernel versions incorporating the rt5645 driver.
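The ordering problem described above, as an added single-threaded model (not the kernel's code): the timer handler re-queues the work, so cancelling the work before deleting the timer can leave the work queued against a codec that is about to be freed. The `*_model` functions are stand-ins for del_timer_sync() and cancel_delayed_work_sync() written only for this illustration.

```c
/* Added example: a deterministic model of the rt5645_i2c_remove() cleanup
 * race. The *_model functions imitate the relevant guarantees of the kernel
 * primitives; they are stand-ins, not the kernel's implementations. */
#include <stdbool.h>
#include <stdio.h>

struct codec {
    bool timer_armed;                /* btn_check_timer is pending */
    bool work_queued;                /* jack_detect_work is queued */
    bool timer_fires_during_cleanup; /* models the concurrent timer expiry */
};

/* Stand-in for rt5645_btn_check_callback(): the timer handler re-queues work. */
static void btn_check_callback(struct codec *c)
{
    c->timer_armed = false;
    c->work_queued = true; /* queue_delayed_work(&rt5645->jack_detect_work) */
}

/* Stand-in for cancel_delayed_work_sync(): the work is no longer queued. */
static void cancel_delayed_work_sync_model(struct codec *c)
{
    c->work_queued = false;
}

/* Stand-in for del_timer_sync(): a concurrently expiring timer runs its
 * handler to completion before this returns; afterwards it cannot fire. */
static void del_timer_sync_model(struct codec *c)
{
    if (c->timer_armed && c->timer_fires_during_cleanup)
        btn_check_callback(c);
    c->timer_armed = false;
}

/* Buggy order (before the fix): cancel the work, then delete the timer.
 * Returns true when the work is still queued after cleanup (the UAF window). */
bool buggy_remove_leaves_work_queued(bool timer_fires)
{
    struct codec c = { true, true, timer_fires };
    cancel_delayed_work_sync_model(&c);
    del_timer_sync_model(&c);
    return c.work_queued;
}

/* Fixed order (the stable commits): delete the timer, then cancel the work. */
bool fixed_remove_leaves_work_queued(bool timer_fires)
{
    struct codec c = { true, true, timer_fires };
    del_timer_sync_model(&c);
    cancel_delayed_work_sync_model(&c);
    return c.work_queued;
}
```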
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54736
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix erroneous cleanup order. There is a logic error when removing the rt5645 device, as the function rt5645_i2c_remove() first cancels the &rt5645->jack_detect_work and deletes the &rt5645->btn_check_timer later. However, since the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_check_callback, the canceled jack_detect_work will be rescheduled again, leading to a possible use-after-free. This patch fixes the issue by placing the del_timer_sync function before the cancel_delayed_work_sync.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel use-after-free in rt5645 driver directly enables T1068 (Exploitation for Privilege Escalation) via arbitrary code execution from low-privileged context.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mandates timely remediation of known flaws such as the use-after-free in the rt5645 driver by applying the kernel patch that reorders the cleanup operations.
- Memory protections such as address space randomization and guard pages can make exploitation of the use-after-free in the kernel driver harder.
- RA-5 (Vulnerability Monitoring and Scanning): enables vulnerability scanning to identify systems running vulnerable kernel versions with the rt5645 driver affected by CVE-2022-49493.