VDB
CVE-2022-50305
CVE-2022-50305
PUBLISHED
Reported by Linux · Published September 15, 2025
In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_remove() calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling cancel_delayed_work_sync(), which ensures that the work is properly cancelled, no longer running, and unable to re-schedule itself.
EPSS 0.02% · 4.6th percentile
Risk Scores
EPSS Score
0.02%
4.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | b60ee210a76cabdc2dd5396de299a1860b4945cd, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68 |
| Linux | Linux | 6.1, 0, 6.0.16 |
| linux | linux_kernel | 6.0.11, 6.1, 6.1 |
| Linux | Linux | b60ee210a76cabdc2dd5396de299a1860b4945cd, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68 |
Timeline
- Sep 15, 2025 CVE Published
- Sep 16, 2025 EPSS Score
- Sep 23, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 7, 2025 EPSS Score
- Oct 15, 2025 EPSS Score
- Oct 22, 2025 EPSS Score
- Oct 29, 2025 EPSS Score
- Nov 5, 2025 EPSS Score
- Nov 12, 2025 EPSS Score
- Nov 19, 2025 EPSS Score
- Nov 26, 2025 EPSS Score