CVE-2022-50305 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-50305 PUBLISHED

Reported by Linux · Published September 15, 2025

In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_remove() calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be running after the driver's remove function has finished, which would result in a use-after-free. Fix by calling cancel_delayed_work_sync(), which ensures that the work is properly cancelled, no longer running, and unable to re-schedule itself.

EPSS 0.01% · 1.8th percentile

Risk Scores

EPSS Score

0.01%

1.8th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	b60ee210a76cabdc2dd5396de299a1860b4945cd, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68, 89cdb224f2abe37ec4ac21ba0d9ddeb5a6a9cf68
Linux	Linux	6.1, 0, 6.0.16
linux	linux_kernel	6.0.11, 6.1, 6.1
Linux	Linux	6.1, 0, b60ee210a76cabdc2dd5396de299a1860b4945cd

Timeline

Sep 15, 2025 CVE Published
Sep 16, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 6, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 21, 2025 EPSS Score

References

Open in Interactive Console →