PT-2025-25906 · Linux+3 · Linux Kernel+3

Published 2022-07-27 · Updated 2026-04-20 · CVE-2022-49980

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.19.0-rc4-next-20220628-syzkaller

Description

A use-after-free bug was found in the Linux kernel's usb_udc_uevent() function. It is caused by a race between uevent callbacks and gadget driver unregistration, which can lead to the udc->driver field being accessed after it has been deallocated. The issue was discovered by the syzbot fuzzer.

Recommendations

To prevent the race, ensure that the usb_udc_uevent() routine holds the udc_lock mutex around the racing accesses. For Linux kernel versions prior to 5.19.0-rc4-next-20220628-syzkaller, apply the patch that fixes the use-after-free read in usb_udc_uevent().
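The locking pattern the recommendation describes, shown as an added userspace model with a pthread mutex; it is not the kernel patch and not code from this advisory. The struct layouts, udc_bind(), udc_unbind() and the driver name "g_demo" are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical userspace stand-ins; field names follow the advisory text. */
struct gadget_driver { char function[32]; };
struct udc { struct gadget_driver *driver; };
static pthread_mutex_t udc_lock = PTHREAD_MUTEX_INITIALIZER;

int udc_bind(struct udc *udc, const char *name)
{
    struct gadget_driver *drv = calloc(1, sizeof(*drv));
    if (!drv)
        return -1;
    snprintf(drv->function, sizeof(drv->function), "%s", name);
    pthread_mutex_lock(&udc_lock);
    udc->driver = drv;
    pthread_mutex_unlock(&udc_lock);
    return 0;
}

/* Unregistration: clear the pointer under the lock, free only afterwards. */
void udc_unbind(struct udc *udc)
{
    pthread_mutex_lock(&udc_lock);
    struct gadget_driver *old = udc->driver;
    udc->driver = NULL;
    pthread_mutex_unlock(&udc_lock);
    free(old);
}

/* uevent side: NULL check and dereference share one critical section. */
int udc_uevent(struct udc *udc, char *buf, size_t len)
{
    pthread_mutex_lock(&udc_lock);
    int have = udc->driver != NULL;
    if (have)
        snprintf(buf, len, "USB_UDC_DRIVER=%s", udc->driver->function);
    pthread_mutex_unlock(&udc_lock);
    return have; /* 1 if a name was written to buf, 0 if no driver is bound */
}

int main(void)
{
    struct udc u = { 0 };
    char buf[64] = "";
    if (udc_bind(&u, "g_demo") == 0 && udc_uevent(&u, buf, sizeof(buf)))
        puts(buf);
    udc_unbind(&u);
    return udc_uevent(&u, buf, sizeof(buf)); /* 0: nothing left to read */
}
```

Because the reader tests and dereferences udc->driver inside the same critical section in which the unbind path clears it, the free can only happen once no reader still holds the pointer.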

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

AZL-70220
BDU:2026-01520
CVE-2022-49980
RHSA-2023:2458
RHSA-2023_2458
SUSE-SU-2025:02264-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:03204-1
SUSE-SU-2025:03283-1
SUSE-SU-2025:03344-1
SUSE-SU-2025:03613-1
SUSE-SU-2025:03626-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:2264-1
SUSE-SU-2025:3716-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_03204-1
SUSE-SU-2025_03344-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0474-1
SUSE-SU-2026:0475-1
SUSE-SU-2026:0495-1
SUSE-SU-2026:0496-1
SUSE-SU-2026:0617-1
SUSE-SU-2026:1131-1

Affected Products

Debian
Linux Kernel
Red Hat
Suse