Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete the &rt5645->btn_check_timer latter. However, since the timer handler rt5645_btn_check_callback() will re-queue the jack_detect_work, this cleanup order is buggy. That is, once the del_timer_sync in rt5645_i2c_remove is concurrently run with the rt5645_btn_check_callback, the canceled jack_detect_work will be rescheduled again, leading to possible use-after-free. This patch fix the issue by placing the del_timer_sync function before the cancel_delayed_work_sync.
References (8)
Core 8
Core References
Scores
CVSS v3
7.8
EPSS
0.0025
EPSS Percentile
15.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (26)
linux/Kernel
4.13.0 - 4.14.283linux
linux/Kernel
4.15.0 - 4.19.247linux
linux/Kernel
4.20.0 - 5.4.198linux
linux/Kernel
5.11.0 - 5.15.46linux
linux/Kernel
5.16.0 - 5.17.14linux
linux/Kernel
5.18.0 - 5.18.3linux
linux/Kernel
5.5.0 - 5.10.121linux
Linux/Linux
< 4.13
Linux/Linux
4.13
Linux/Linux
4.14.283 - 4.14.*
... and 16 more
Published
Feb 26, 2025
Tracked Since
Feb 18, 2026