What is CVE-2022-50704?

CVE-2022-50704 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 4.20 onward and patched in 6.0.16, 6.1.2 and 6.2. CVE-2022-50704 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2022-50704?

CVE-2022-50704 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2022-50704?

Yes, CVE-2022-50704 has been patched. Fixed versions include 6.0.16, 6.1.2 and 6.2. If you are running Linux kernel 4.20 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2022-50704 actively exploited?

CVE-2022-50704 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2022-50704

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free during usb config switch In the process of switching USB config from rndis to other config, if the hardware does not support the ->pullup callback, or the hardware encounters a low probability fault, both of them may cause the ->pullup callback to fail, which will then cause a system panic (use after free). The gadget drivers sometimes need to be unloaded regardless of the hardware's behavior. Analysis as follows: ======================================================================= (1) write /config/usb_gadget/g1/UDC "none" gether_disconnect+0x2c/0x1f8 rndis_disable+0x4c/0x74 composite_disconnect+0x74/0xb0 configfs_composite_disconnect+0x60/0x7c usb_gadget_disconnect+0x70/0x124 usb_gadget_unregister_driver+0xc8/0x1d8 gadget_dev_desc_UDC_store+0xec/0x1e4 (2) rm /config/usb_gadget/g1/configs/b.1/f1 rndis_deregister+0x28/0x54 rndis_free+0x44/0x7c usb_put_function+0x14/0x1c config_usb_cfg_unlink+0xc4/0xe0 configfs_unlink+0x124/0x1c8 vfs_unlink+0x114/0x1dc (3) rmdir /config/usb_gadget/g1/functions/rndis.gs4 panic+0x1fc/0x3d0 do_page_fault+0xa8/0x46c do_mem_abort+0x3c/0xac el1_sync_handler+0x40/0x78 0xffffff801138f880 rndis_close+0x28/0x34 eth_stop+0x74/0x110 dev_close_many+0x48/0x194 rollback_registered_many+0x118/0x814 unregister_netdev+0x20/0x30 gether_cleanup+0x1c/0x38 rndis_attr_release+0xc/0x14 kref_put+0x74/0xb8 configfs_rmdir+0x314/0x374 If gadget->ops->pullup() return an error, function rndis_close() will be called, then it will causes a use-after-free problem. =======================================================================

Package Linux Kernel

Published 2025-12-24

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 4.20 and later are affected. Fixed in 6.0.16, 6.1.2, 6.2 and their respective stable series.

Affected from

≥ 4.20

Fixed in

✓ 6.0.16 6.0.x ✓ 6.1.2 6.1.x ✓ 6.2

References

The following references provide additional information about CVE-2022-50704 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/30e926aa835ac2e6ad05822e4cb75833feb0d99f
Patch
Kernel patch commit
https://git.kernel.org/stable/c/99a58ac42d9b6911834b0224b6782aea0c311346
Patch
Kernel patch commit
https://git.kernel.org/stable/c/afdc12887f2b2ecf20d065a7d81ad29824155083
Patch

Frequently asked questions

What is CVE-2022-50704?

CVE-2022-50704 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.20 onward and has been patched in 6.0.16, 6.1.2 and 6.2. CVE-2022-50704 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2022-50704?

Yes — CVE-2022-50704 has been patched. Fixed versions include 6.0.16, 6.1.2 and 6.2. If you are running Linux kernel 4.20 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2022-50704 actively exploited?

No — CVE-2022-50704 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.