References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove()

sof_es8336_remove() calls cancel_delayed_work(). However, that
function does not wait until the work function finishes. This
means that the callback function may still be running after
the driver's remove function has finished, which would result
in a use-after-free.

Fix by calling cancel_delayed_work_sync(), which ensures that
the work is properly cancelled, no longer running, and unable
to re-schedule itself.

https://git.kernel.org/stable/c/1b41beaa7a58467505ec3023af8aad74f878b888

https://git.kernel.org/stable/c/390a1a98288a53b2e7555097d83c6e55d579b166

https://git.kernel.org/stable/c/b85102a3aa3810a09eb55692e8cd6ffbb304e57d