-
CVE-2022-50568
- EPSS 0.04%
- Veröffentlicht 22.10.2025 13:23:25
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
The embedded struct cdev does not have its lifetime correctly tied to
the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN
is held open while the gadget is deleted.
This can readily be replicated with libusbgx's example programs (for
conciseness - operating directly via configfs is equivalent):
gadget-hid
exec 3<> /dev/hidg0
gadget-vid-pid-remove
exec 3<&-
Pull the existing device up in to struct f_hidg and make use of the
cdev_device_{add,del}() helpers. This changes the lifetime of the
device object to match struct f_hidg, but note that it is still added
and deleted at the same time.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
1cd7f156f6389918f760687fbbf133c86da93162
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
c78c87c4e389b62f8892af7f59857447aa6d9797
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
1b6a53e447ec3d81623610c8c7ec5082b47dfdce
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
d3136b79705c2e3bba9c76adc5628af0215d798e
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
9e4b85d815b14bd4db2deea2a54264a23de8b896
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
9e08b7f5fa00e9d550851352bd0d1ba74ccffef2
Status
affected
Version
71adf118946957839a13aa4d1094183e05c6c094
Version <
89ff3dfac604614287ad5aad9370c3f984ea3f4b
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.35
Status
affected
Version
0
Version <
2.6.35
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.121 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|