Vulnerabilities > CVE-2022-41849 - Use After Free vulnerability in multiple products

047910
CVSS 4.2 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
high complexity
linux
debian
CWE-416

Summary

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

Vulnerable Configurations

Part Description Count
OS
Linux
5167
OS
Debian
1

Common Weakness Enumeration (CWE)