Executive Summary



This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Informations
Name CVE-2022-50034 First vendor Publication 2025-06-18
Vendor Cve Last vendor Modification 2025-06-18

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3 fix use-after-free at workaround 2

BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac

cdns3_wa2_remove_old_request() { ...
kfree(priv_req->request.buf);
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
^^^ use after free
... }

cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init().

This patch move list_del_init() before cdns3_gadget_ep_free_request().

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-50034

Sources (Detail)

https://git.kernel.org/stable/c/6d7ac60098b206d0472475b666cb09d556bec03d
https://git.kernel.org/stable/c/6fd50446e7c9a98b4bcf96815f5c9602a16ea472
https://git.kernel.org/stable/c/7d602f30149a117eea260208b1661bc404c21dfd
https://git.kernel.org/stable/c/c3c1dbad3a2db32ecf371c97f2058491b8ba0f9a
https://git.kernel.org/stable/c/e65d9b7147d7be3504893ca7dfb85286bda83d40
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2025-06-18 17:20:34
  • First insertion