CVE-2022-50568
BaseFortify
Publication date: 2025-10-22
Last updated on: 2025-10-22
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in the Linux kernel's USB gadget HID function (f_hid). The problem arises because the embedded character device structure (struct cdev) does not have its lifetime properly tied to the enclosing struct f_hidg. As a result, if the device file (/dev/hidgN) is kept open while the gadget is deleted, a use-after-free occurs, potentially causing system instability or security issues.
How can this vulnerability impact me?
If exploited, this vulnerability can cause use-after-free conditions, which may lead to system crashes, data corruption, or potentially allow an attacker to execute arbitrary code with kernel privileges if they can manipulate the device file during gadget removal.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to replicate the use-after-free condition using example programs such as those from libusbgx. For example, running the commands:

```
gadget-hid
exec 3<> /dev/hidg0
gadget-vid-pid-remove
exec 3<&-
```

These commands hold /dev/hidg0 open on file descriptor 3, remove the gadget, and then close the descriptor, which can trigger the use-after-free if the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the lifetime of the embedded struct cdev is correctly tied to the enclosing struct f_hidg. This fix ensures that the device object is added and deleted in sync with struct f_hidg, preventing the use-after-free condition.
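On a host that has not been updated yet, the precondition described above (a process holding /dev/hidgN open while the gadget is removed) can be checked before teardown. The script below is an added example, not code from the advisory or the kernel project; the function names `hidg_holders` and `hidg_busy` are hypothetical, and it assumes procfs is mounted at /proc.

```shell
#!/bin/sh
# Added example: list processes that hold a /dev/hidgN node open.
# Assumption: procfs is available; pass another root for testing.

# Print "pid<TAB>fd<TAB>target" for every fd that points at /dev/hidgN.
hidg_holders() {
    proc_root=${1:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue                 # unmatched glob or not a link
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            # Also matches "/dev/hidg0 (deleted)", which procfs reports
            # once the node has been unlinked but the fd is still open.
            /dev/hidg[0-9]*) ;;
            *) continue ;;
        esac
        rest=${fd#"$proc_root"/}                 # e.g. 101/fd/3
        printf '%s\t%s\t%s\n' "${rest%%/*}" "${fd##*/}" "$target"
    done
    return 0
}

# Return 0 (and report on stderr) if any holder exists, 1 otherwise.
# The result is a point-in-time snapshot: a process can still open the
# node after the check, so this narrows the window but does not replace
# the kernel update.
hidg_busy() {
    holders=$(hidg_holders "${1:-/proc}")
    [ -n "$holders" ] || return 1
    printf 'hidg device still open (pid, fd, target):\n%s\n' "$holders" >&2
}

# Usage (run as root so other users' fd tables are readable):
#   . ./hidg_check.sh
#   hidg_busy && echo "close these handles before removing the gadget"
```

Run it as root; without that, file descriptors of other users' processes are not readable and holders can be missed.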