CVE-2022-50034

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50034
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50034.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50034
Downstream
Related
Published
2025-06-18T11:01:36.435Z
Modified
2026-04-03T13:14:38.445211669Z
Summary
usb: cdns3 fix use-after-free at workaround 2
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3 fix use-after-free at workaround 2

BUG: KFENCE: use-after-free read in _listdelentryvalid+0x10/0xac

cdns3wa2removeoldrequest() { ... kfree(privreq->request.buf); cdns3gadgetepfreerequest(&privep->endpoint, &privreq->request); listdelinit(&privreq->list); ^^^ use after free ... }

cdns3gadgetepfreerequest() free the space pointed by privreq, but privreq is used in the following listdelinit().

This patch move listdelinit() before cdns3gadgetepfreerequest().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50034.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8bc1901ca7b07d864fca11461b3875b31f949765
Fixed
e65d9b7147d7be3504893ca7dfb85286bda83d40
Fixed
6d7ac60098b206d0472475b666cb09d556bec03d
Fixed
c3c1dbad3a2db32ecf371c97f2058491b8ba0f9a
Fixed
6fd50446e7c9a98b4bcf96815f5c9602a16ea472
Fixed
7d602f30149a117eea260208b1661bc404c21dfd

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50034.json"