CVE-2022-49657

MEDIUM

Linux Kernel 3.8-5.18.11 - Use-After-Free in usbnet_write_cmd_async

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usbnet: fix memory leak in error case usbnet_write_cmd_async() mixed up which buffers need to be freed in which error case. v2: add Fixes tag v3: fix uninitialized buf pointer

References (8)

Core 8

Core References

Patch

https://git.kernel.org/stable/c/3eed421ca5c809da93456f69203d164d5220be3d

Patch

https://git.kernel.org/stable/c/5269209f54dd8dfd15f9383f3a3a1fe8370764f8

Patch

https://git.kernel.org/stable/c/d5165e657987ff4ba0ace896d4376a3718a9fbc3

Patch

https://git.kernel.org/stable/c/04894ab34faf40ab72a8a5ab5b404bb0606bbbff

Patch

https://git.kernel.org/stable/c/0085da9df3dced730027923a6b48f58e9016af91

Patch

https://git.kernel.org/stable/c/db89582ff330556188da856e01382ccbf3a5e706

Patch

https://git.kernel.org/stable/c/e7b4f69946a38209b4a4f660bf0e4cbed94f9b4b

Patch

https://git.kernel.org/stable/c/b55a21b764c1e182014630fa5486d717484ac58f

Scores

CVSS v3 5.5

EPSS 0.0027

EPSS Percentile 17.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (27)

linux/Kernel 3.8.0 - 4.9.323linux

linux/Kernel 4.10.0 - 4.14.288linux

linux/Kernel 4.15.0 - 4.19.252linux

linux/Kernel 4.20.0 - 5.4.205linux

linux/Kernel 5.11.0 - 5.15.54linux

linux/Kernel 5.16.0 - 5.18.11linux

linux/Kernel 5.5.0 - 5.10.130linux

Linux/Linux < 3.8

Linux/Linux 3.8

Linux/Linux 4.14.288 - 4.14.*

... and 17 more

Published Feb 26, 2025

Tracked Since Feb 18, 2026