CVE-2022-1205: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-1205 is a vulnerability discovered in the Linux kernel's Amateur Radio AX.25 protocol functionality. The flaw was identified by Duoming Zhou and involves race conditions in the AX.25 amateur radio protocol implementation, leading to NULL pointer dereference and use-after-free vulnerabilities when a user connects with the protocol (Ubuntu Security, CVE Mitre). The vulnerability was discovered and fixed in March 2022, with the CVE being assigned on April 1, 2022.

The vulnerability stems from race conditions in multiple timer expiry functions including ax25heartbeatexpiry(), ax25t1timerexpiry(), ax25t2timerexpiry(), ax25t3timerexpiry(), and ax25idletimerexpiry(). These race conditions occur when ax25killbydevice() is used to detach the ax25 device or when ax25release() is called to deallocate ax25dev. The issue manifests as both a NULL pointer dereference and a use-after-free condition, where the ax25dev pointer is accessed after being freed or nullified (OSS Security).

The vulnerability allows a local attacker to crash the Linux kernel system by simulating Amateur Radio from user-space, resulting in a denial of service condition. The severity is rated as Medium with a CVSS 3 score of 4.7 (Ubuntu Security).

The vulnerability was patched in the mainline Linux kernel through two commits. The first commit (fc6d01ff9ef0) adds proper timer synchronization in ax25disconnect(), and the second commit (82e31755e55f) implements additional timer cleanup in ax25release(). These patches ensure that all timers are properly stopped before deallocating resources (Github Linux, Github Linux).