CVE-2022-50542
Severity CVSS v4.0: Pending analysis
Type: CWE-416 Use After Free
Publication date: 07/10/2025
Last modified: 04/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

media: si470x: Fix use-after-free in si470x_int_in_callback()

syzbot reported use-after-free in si470x_int_in_callback() [1]. This
indicates that urb->context, which contains struct si470x_device
object, is freed when si470x_int_in_callback() is called.

The cause of this issue is that si470x_int_in_callback() is called for
freed urb.

si470x_usb_driver_probe() calls si470x_start_usb(), which then calls
usb_submit_urb() and si470x_start(). If si470x_start_usb() fails,
si470x_usb_driver_probe() doesn't kill urb, but it just frees struct
si470x_device object, as depicted below:

```
si470x_usb_driver_probe()
  ...
  si470x_start_usb()
    ...
    usb_submit_urb()
    retval = si470x_start()
    return retval
  if (retval
```
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.6 (including) | 4.9.337 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.303 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.270 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.229 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.163 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0ca298d548461d29615f9a2b1309e8dcf4a352c6
- https://git.kernel.org/stable/c/146bd005ebb01ae190c22af050cb98623958c373
- https://git.kernel.org/stable/c/1c6447d0fc68650e51586dde79b5090d9d77f13a
- https://git.kernel.org/stable/c/52f54fe78cca24850a30865037250f63eb3d5bf7
- https://git.kernel.org/stable/c/63648a7bd1a7599bcc2040a6d1792363ae4c2e1b
- https://git.kernel.org/stable/c/6c8aee0c8fcc6dda94315f7908e8fa9bc75abe75
- https://git.kernel.org/stable/c/7d21e0b1b41b21d628bf2afce777727bd4479aa5
- https://git.kernel.org/stable/c/8c6151b8e8dd2d98ad2cd725d26d1e103d989891
- https://git.kernel.org/stable/c/92b0888398e4ba51d93b618a6506781f4e3879c9



