CVE-2022-50470

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the handling of device endpoints within the xhci driver. Specifically, the issue arises when freeing a virtual device, potentially leading to a list del corruption kernel crash. This occurs when endpoints are not properly removed from the bandwidth list before the virtual device is freed, particularly during xhci host controller removal or dying scenarios. The problem affects systems utilizing software bandwidth checking, currently limited to the xHC in Intel Panther Point PCH (Ivy Bridge) chipsets.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALSA-2025_16880

CESA-2023_7077

CVE-2022-50470

OESA-2025-2553

RHSA-2023:6583

RHSA-2023:7077

RHSA-2023_6583

RHSA-2023_7077

SUSE-SU-2025:4111-1

SUSE-SU-2025:4135-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4188-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Intel Panther Point Pch

Linux Kernel

Red Hat

Suse

CVE-2022-50470

Weakness Enumeration

Related Identifiers

Affected Products

References · 655