Use-After-Free Vulnerability in Linux Kernel's bcd2000 Driver by The Linux Foundation
CVE-2022-50229

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 June 2025

What is CVE-2022-50229?

A use-after-free vulnerability exists in the bcd2000 driver in the Linux kernel. It occurs on the error path of the probing phase: if the snd_card_register() function fails, the driver frees 'bcd2k->midi_out_urb' before killing it, which can result in accesses to freed memory. The fix reverses the order of operations, invoking usb_kill_urb() before calling usb_free_urb().
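The ordering described above can be checked for in source review. The following is an added example, not code from the kernel or from this advisory: a small heuristic scanner that reports any function in which usb_free_urb() is called on an expression before usb_kill_urb() is called on the same expression. The C snippet in SAMPLE is constructed for illustration, and the names cleanup_before_fix, cleanup_after_fix and struct example_dev are hypothetical.

```python
import re

# Constructed sample, not the driver's source: two cleanup paths that release
# the URB named in the advisory, one in each order. Function/type names are hypothetical.
SAMPLE = r"""
static void cleanup_before_fix(struct example_dev *bcd2k)
{
    usb_free_urb(bcd2k->midi_out_urb);
    usb_kill_urb(bcd2k->midi_out_urb);
}

static void cleanup_after_fix(struct example_dev *bcd2k)
{
    usb_kill_urb(bcd2k->midi_out_urb);
    usb_free_urb(bcd2k->midi_out_urb);
}
"""

CALL = re.compile(r"\b(usb_kill_urb|usb_free_urb)\s*\(\s*([^()]+?)\s*\)")
FUNC = re.compile(r"^\w[^\n;{}]*?\b(\w+)\s*\([^;{}]*\)\s*\{", re.M)

def split_functions(src):
    """Yield (name, body) for each top-level function, by brace matching."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i - 1]

def free_before_kill(src):
    """Return (function, urb_expr) pairs where free textually precedes kill."""
    findings = []
    for name, body in split_functions(src):
        freed = set()
        for call, arg in CALL.findall(body):
            arg = re.sub(r"\s+", "", arg)  # normalise spacing in the argument
            if call == "usb_free_urb":
                freed.add(arg)
            elif arg in freed:  # usb_kill_urb on an expression already freed
                findings.append((name, arg))
    return findings

if __name__ == "__main__":
    for func, urb in free_before_kill(SAMPLE):
        print(f"{func}: usb_free_urb({urb}) called before usb_kill_urb({urb})")
```

The check compares textual order inside a single function and does not follow control flow or aliases, so a hit is a prompt for manual review rather than proof of a bug.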

Affected Version(s)

Linux b47a22290d581277be70e8a597824a4985d39e83

Linux b47a22290d581277be70e8a597824a4985d39e83 < 4fc41f7ebb7efca282f1740ea934d16f33c1d109

Linux b47a22290d581277be70e8a597824a4985d39e83 < 5e7338f4dd92b2f8915a82abfa1dd3ad3464bea0

Timeline

  • Vulnerability published

  • Vulnerability Reserved