CVE-2022-50005

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's NFC subsystem allows attackers to potentially crash the kernel or execute arbitrary code when specific NFC hardware is being detached. This affects Linux systems using the pn533 NFC driver. The vulnerability occurs due to improper timer cleanup during device removal.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions with the vulnerable pn533 NFC driver code (specific versions not specified in CVE, but patches available for multiple stable branches)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the pn533 NFC driver is loaded and NFC hardware is present/used. Most systems don't have NFC hardware by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or potential arbitrary code execution with kernel privileges leading to complete system compromise.

🟠 Likely Case

Kernel panic or system instability when NFC hardware is disconnected while active operations are pending.

🟢 If Mitigated

No impact if the vulnerable driver is not loaded or NFC hardware is not present/used.

🌐 Internet-Facing: LOW - Requires physical or local access to NFC hardware.
🏢 Internal Only: MEDIUM - Could be exploited by users with physical access to NFC devices or through malicious USB/NFC hardware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires physical access to NFC hardware or ability to trigger device detachment. Race condition makes timing critical.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with commits: 2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5, 50403ee6daddf0d7a14e9d3b51a377c39a08ec8c, 9c34c33893db7a80d0e4b55c23d3b65e29609cfb, f1e941dbf80a9b8bab0bffbc4cbe41cc7f4c6fb6

Vendor Advisory: https://git.kernel.org/stable/c/2c71f5d55a86fd5969428abf525c1ae6b1c7b0f5

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable pn533 NFC driver (Linux)

Prevent loading of the vulnerable driver module:

echo 'blacklist pn533' >> /etc/modprobe.d/blacklist.conf
rmmod pn533

Restrict physical access (all platforms)

Prevent unauthorized physical access to NFC hardware ports

🧯 If You Can't Patch

  • Disable or remove NFC hardware from critical systems
  • Implement strict physical security controls around NFC hardware access

🔍 How to Verify

Check if Vulnerable:

Check if pn533 module is loaded: lsmod | grep pn533. If loaded and kernel version is unpatched, system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from distribution vendor. Verify pn533 module can be loaded without issues during NFC hardware detachment tests.
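
The module check above and the blacklist workaround can be combined into one audit, shown here as an added example that is not part of the original advisory. The function names, the status words and the sample module lines (including pn533_usb) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pn533 exposure from /proc/modules and modprobe.d.
# With no arguments the functions read the live system; pass paths to run offline.

# List loaded modules named pn533* plus any module holding a reference to them
# (field 4 of /proc/modules is a comma-terminated "used by" list, or "-").
pn533_modules() {
    awk '$1 ~ /^pn533/ {
             print $1
             n = split($4, u, ",")
             for (i = 1; i <= n; i++) if (u[i] != "" && u[i] != "-") print u[i]
         }' "${1:-/proc/modules}" | sort -u
}

# Print the strongest modprobe.d rule for pn533: "install", "blacklist" or nothing.
# "blacklist" only stops alias-based autoloading; an "install" override such as
# "install pn533 /bin/false" also stops modprobe-driven loads, including dependencies.
pn533_block_rule() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null |
        awk '$2 == "pn533" && $1 == "install" { r = "install" }
             $2 == "pn533" && $1 == "blacklist" && r == "" { r = "blacklist" }
             END { print r }'
}

# Summarise the host: loaded | blocked | blacklisted | loadable
pn533_status() {
    if [ -n "$(pn533_modules "$1")" ]; then echo loaded; return; fi
    case "$(pn533_block_rule "$2")" in
        install)   echo blocked ;;
        blacklist) echo blacklisted ;;
        *)         echo loadable ;;
    esac
}

# Constructed sample in /proc/modules format (not captured from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
pn533_usb 20480 0 - Live 0x0000000000000000
pn533 49152 1 pn533_usb, Live 0x0000000000000000
nfc 131072 1 pn533, Live 0x0000000000000000
EOF
echo "sample host: $(pn533_status "$sample")"
rm -f "$sample"
```

A result of "loaded" on an unpatched kernel is the vulnerable state described above; "loadable" means the driver is not active now but nothing prevents it from loading when NFC hardware is attached.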

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • Use-after-free kernel oops in dmesg
  • NFC subsystem errors

SIEM Query:

source="kernel" AND ("use-after-free" OR "pn533" OR "NFC" OR "kernel panic")
