Use-After-Free in USB Ethernet Drivers in Linux Kernel
CVE-2022-50220
What is CVE-2022-50220?
In the Linux kernel, a use-after-free vulnerability affects USB Ethernet drivers because device disconnection events are handled improperly. When a link change interrupt occurs just before a device is disconnected, it can trigger a sequence that leads to operations on an already unregistered network device. Specifically, because completion of usbnet_deferred_kevent() is awaited after the network device has been unregistered, subsequent operations such as netif_carrier_on/off can be executed on freed memory, resulting in potential system instability and security risks. This vulnerability highlights the importance of careful resource management in driver development.

Affected Version(s)
Linux 23f333a2bfafba80339315b724808982a9de57d9
Linux 23f333a2bfafba80339315b724808982a9de57d9 < 7f77dcbc030c2faa6d8e8a594985eeb34018409e