Cyber Resilience

CVE-2022-49493

High

Published: 26 February 2025

Published
26 February 2025
Modified
03 September 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-49493 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2022-49493 is a use-after-free vulnerability in the Linux kernel's ASoC rt5645 driver. The issue stems from a logic error in the rt5645_i2c_remove() function, which cancels the jack_detect_work before deleting the btn_check_timer. Since the timer's handler, rt5645_btn_check_callback(), re-queues the jack_detect_work, this order can lead to the canceled work being rescheduled during concurrent execution of del_timer_sync, resulting in a use-after-free (CWE-416).

A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), as indicated by its CVSS v3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation could allow the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially enabling arbitrary code execution, data corruption, or system crashes on affected systems using the rt5645 audio codec driver.

The referenced kernel stable commits provide the fix by reordering the cleanup to call del_timer_sync before cancel_delayed_work_sync in rt5645_i2c_remove(), preventing the race condition. Security practitioners should apply these patches to vulnerable Linux kernel versions incorporating the rt5645 driver.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete the &rt5645->btn_check_timer latter. However, since…

more

the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_check_callback, the canceled jack_detect_work will be rescheduled again, leading to possible use-after-free. This patch fix the issue by placing the del_timer_sync function before the cancel_delayed_work_sync.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free in rt5645 driver directly enables T1068 (Exploitation for Privilege Escalation) via arbitrary code execution from low-privileged context.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111Same product: Linux Linux Kernel
CVE-2026-31530Same product: Linux Linux Kernel
CVE-2023-52974Same product: Linux Linux Kernel
CVE-2026-43019Same product: Linux Linux Kernel
CVE-2026-23158Same product: Linux Linux Kernel
CVE-2025-21893Same product: Linux Linux Kernel
CVE-2026-31446Same product: Linux Linux Kernel
CVE-2022-49176Same product: Linux Linux Kernel
CVE-2022-49291Same product: Linux Linux Kernel
CVE-2026-31650Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
≤ 4.9.318 · 4.10 — 4.14.283 · 4.15 — 4.19.247

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of known flaws like the use-after-free in the rt5645 driver by applying the kernel patch that reorders cleanup operations.

prevent

Provides memory protections such as address space randomization and guard pages that can mitigate exploitation of the use-after-free vulnerability in the kernel driver.

detect

Enables vulnerability scanning to identify systems running vulnerable kernel versions with the rt5645 driver affected by CVE-2022-49493.

References