{"id":"CVE-2022-50005","summary":"nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout\n\nWhen the pn532 uart device is detaching, the pn532_uart_remove()\nis called. But there are no functions in pn532_uart_remove() that\ncould delete the cmd_timeout timer, which will cause use-after-free\nbugs. The process is shown below:\n\n    (thread 1)                  |        (thread 2)\n                                |  pn532_uart_send_frame\npn532_uart_remove               |    mod_timer(&pn532-\u003ecmd_timeout,...)\n  ...                           |    (wait a time)\n  kfree(pn532) //FREE           |    pn532_cmd_timeout\n                                |      pn532_uart_send_frame\n                                |        pn532-\u003e... //USE\n\nThis patch adds del_timer_sync() in pn532_uart_remove() in order to\nprevent the use-after-free bugs. What's more, the pn53x_unregister_nfc()\nis well synchronized, it sets nfc_dev-\u003eshutting_down to true and there\nare no syscalls that could restart the cmd_timeout timer.","modified":"2026-04-03T13:14:47.202817142Z","published":"2025-06-18T11:01:10.610Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02537-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50005.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50403ee6daddf0d7a14e9d3b51a377c39a08ec8c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c34c33893db7a80d0e4b55c23d3b65e29609cfb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50005.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50005"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c656aa4c27b17a8c70da223ed5ab42145800d6b5"},{"fixed":"50403ee6daddf0d7a14e9d3b51a377c39a08ec8c"},{"fixed":"9c34c33893db7a80d0e4b55c23d3b65e29609cfb"},{"fixed":"2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5"},{"fixed":"f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50005.json"}}],"schema_version":"1.7.5"}