drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open() aka a race condition between ufx_ops_open and ufx_usb_disconnect.

🗓️ 05 Oct 2022 07:00:00Reported by MicrosoftType

Linux kernel driver smscufx.c up to 5.19.12 has a race causing use-after-free when USB is removed during open.

Reporter	Title	Published	Views	Family All 387
ATTACKERKB	CVE-2022-41849	30 Sep 202206:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2-2022-1876 (ALAS-2022-1876)	2 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-039 (ALASKERNEL-5.4-2022-039)	14 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : kernel (ALAS-2022-1645)	10 Dec 202200:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0042: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0042)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0079: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2023:0079)	14 May 202500:00	–	nessus
Tenable Nessus	Debian dla-3244 : linux-config-5.10 - security update	24 Dec 202200:00	–	nessus
Tenable Nessus	Debian dla-3245 : hyperv-daemons - security update	24 Dec 202200:00	–	nessus
Tenable Nessus	NewStart CGSL MAIN 6.06 : kernel Multiple Vulnerabilities (NS-SA-2023-0142)	9 Nov 202300:00	–	nessus
Tenable Nessus	Photon OS 4.0: Linux PHSA-2021-4.0-0065	22 Jul 202100:00	–	nessus