CVE-2022-49755
Published: Mar 27, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that the process of ffs_ep0_write/ffs_ep0_read get into a race condition due to ep0req being freed up from functionfs_unbind. Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't bounded so it can go ahead and mark the ep0req to NULL, and since there is no NULL check in ffs_ep0_queue_wait we will end up in use-after-free. Fix this by making a serialized execution between the two functions using a mutex_lock(ffs->mutex).
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ddf8abd2599491cbad959c700b90ba72a5dce8d0 - < facf353c9e8d7885b686d9a4b173d4e0af6441d2affected ddf8abd2599491cbad959c700b90ba72a5dce8d0 - < e9036e951f93fb8d7b5e9d6e2c7f94a4da312ae4affected ddf8abd2599491cbad959c700b90ba72a5dce8d0 - < a8d40942df074f4ebcb9bd3413596d92f323b064affected ddf8abd2599491cbad959c700b90ba72a5dce8d0 - < 6dd9ea05534f323668db94fcc2726c7a84547e78affected ddf8abd2599491cbad959c700b90ba72a5dce8d0 - < ae8e136bcaae96163b5821984de1036efc9abb1a+2 more versions |
Linux | Linux | affected 2.6.35unaffected 0 - < 2.6.35unaffected 4.14.305 - <= 4.14.*unaffected 4.19.272 - <= 4.19.*unaffected 5.4.231 - <= 5.4.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now