CVE-2022-50568Linux vulnerability

6 documents5 sources
Severity
N/A
No vector
EPSS
0.0%
top 88.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN is held open while the gadget is deleted. This can readily be replicated with libusbgx's example programs (for conciseness - operating directly via configfs is equivalent): gadget-hid exec 3<> /dev/hidg0 gadget-vid-pid-remove exec 3<&- P

Affected Packages4 packages

Linuxlinux/linux_kernel2.6.354.19.270+5
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux71adf118946957839a13aa4d1094183e05c6c0941cd7f156f6389918f760687fbbf133c86da93162+7
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-4jrv-w6c6-f8r5: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does no2025-10-22
OSV
usb: gadget: f_hid: fix f_hidg lifetime vs cdev2025-10-22
OSV
CVE-2022-50568: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not2025-10-22

📋Vendor Advisories

2
Red Hat
kernel: usb: gadget: f_hid: fix f_hidg lifetime vs cdev2025-10-22
Debian
CVE-2022-50568: linux - In the Linux kernel, the following vulnerability has been resolved: usb: gadget...2022