CVE-2022-50470: Double Free in Linux

CWE-415: Double Free | 5 documents | 5 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 96.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4

Description

In the Linux kernel, the following vulnerability has been resolved:

xhci: Remove device endpoints from bandwidth list when freeing the device

Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then the endpoints aren't dropped cleanly due to functions returning early to avoid interacting with a non-accessible host controller. So check and delete endpoints that are still on the bandwidth list whe

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 3.24.9.332 | +7
Debian | linux/linux_kernel | < 5.10.158-1 | +3
CVEListV5 | linux/linux | 2e27980e6eb78114c4ecbaad1ba71836e3887d18 5e4ce28ad907aa54f13b21d5f1dc490525957b0c | +8
debian | debian/linux | < linux 6.0.7-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-7jr9-85rw-772f: In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoi (2025-10-04)
OSV
CVE-2022-50470: In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoint (2025-10-04)

📋 Vendor Advisories (2)

Red Hat
kernel: xhci: Remove device endpoints from bandwidth list when freeing the device (2025-10-04)
Debian
CVE-2022-50470: linux - In the Linux kernel, the following vulnerability has been resolved: xhci: Remov... (2022)