CVE-2022-1974: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-1974 is a use-after-free vulnerability discovered in the Linux kernel's NFC core functionality. The flaw stems from a race condition between kobject creation and deletion operations. This vulnerability was disclosed in June 2022 and affects various Linux kernel versions across multiple distributions (Ubuntu Security, Debian Security).

The vulnerability arises from an improper check using device_is_registered() in netlink-related functions within the NFC subsystem. The race condition occurs because kobject_del() in device_del() is not protected by device_lock, leading to potential use-after-free scenarios. The issue specifically affects functions such as nfc_fw_download(), nfc_dev_up(), and other NFC core operations. The vulnerability has been assigned a CVSS 3 Severity Score of 4.1 (Medium) (Ubuntu Security).

This vulnerability allows a local attacker with CAP_NET_ADMIN privileges to leak kernel information, potentially compromising system security. The flaw could lead to information disclosure and possible system instability (CVE Mitre).

The issue has been fixed through a patch that replaces the improper device_is_registered() check with a boolean variable to properly synchronize the NFC device registration state. Multiple Linux distributions have released patches, including Ubuntu (versions 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS) and Debian (bullseye, bookworm, and sid) (Github Linux, Debian Security).