PT-2025-26146 · Linux+2 · Linux Kernel+2

Published: 2022-06-24 · Updated: 2025-07-28 · CVE-2022-50220

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue has been identified in the Linux kernel's usbnet component. It arises because completion of the `usbnet_deferred_kevent()` work is awaited after the `unregister_netdev()` call, so `netif_carrier_{on,off}()` may operate on an unregistered netdev and `linkwatch_event()` may run after `free_netdev()`. The problem originated from a change made in 2003 to prevent a deadlock; that change introduced the use-after-free in USB Ethernet drivers.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-01550
CVE-2022-50220
OESA-2025-1820
SUSE-SU-2025:02264-1
SUSE-SU-2025:02308-1
SUSE-SU-2025:02320-1
SUSE-SU-2025:02321-1
SUSE-SU-2025:02322-1
SUSE-SU-2025:02334-1
SUSE-SU-2025:02537-1
SUSE-SU-2025:2264-1
SUSE-SU-2025_02264-1
SUSE-SU-2025_02308-1
SUSE-SU-2025_02334-1
SUSE-SU-2025_02537-1

Affected Products

Astra Linux
Linux Kernel
Suse