CVE-2022-50568

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the lifetime management of an embedded cdev structure within the f hidg structure in the Linux kernel. Specifically, the cdev structure's lifetime is not correctly linked to the f hidg structure, leading to a use-after-free condition if the /dev/hidgN device node remains open while the gadget is removed. This can be reproduced using libusbgx example programs or directly through configfs. The problem arises when the device is pulled into the f hidg structure, and the cdev device {add,del}() helpers are used, which alters the device object's lifetime to align with f hidg, but the addition and deletion timing remains the same.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.