CVE-2022-50704: Expired Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: Fix use-after-free during usb config switch

In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a low probability fault, both of them may cause the ->pullup callback to fail, which will then cause a system panic (use after free).

The gadget drivers sometimes need to be unloaded regardless of the hardware's behavior.

Affected Packages (4 packages)

Linux: linux/linux_kernel, 4.20.0 – 6.0.16 (+1)
Debian: linux/linux_kernel, < 6.1.4-1 (+2)
CVEListV5: linux/linux, 0a55187a1ec8c03d0619e7ce41d10fdc39cff036 – 30e926aa835ac2e6ad05822e4cb75833feb0d99f (+3)
debian: debian/linux, < linux 6.1.4-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: USB: gadget: Fix use-after-free during usb config switch (2025-12-24)
OSV: CVE-2022-50704: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switchi (2025-12-24)
GHSA: GHSA-mj7r-48h2-hmpx: In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switc (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: USB: gadget: Fix use-after-free during usb config switch (2025-12-24)
Debian: CVE-2022-50704: linux - In the Linux kernel, the following vulnerability has been resolved: USB: gadget... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50704 Impact, Exploitability, and Mitigation Steps | Wiz