CVE-2022-45888

MEDIUM

Linux Kernel < 6.0.9 - Use-After-Free via USB Device Removal Race Condition

Title source: llm

Description

An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

References (4)

Core 4

Core References

Mailing List

https://lore.kernel.org/all/20221022175404.GA375335%40ubuntu/

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Third Party Advisory

https://security.netapp.com/advisory/ntap-20230113-0006/

Patch

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=282a4b71816b6076029017a7bab3a9dcee12a920

Scores

CVSS v3 6.4

EPSS 0.0002

EPSS Percentile 6.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362 CWE-416

Status published

Products (6)

linux/linux_kernel < 6.0.9

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

Published Nov 25, 2022

Tracked Since Feb 18, 2026