CVE-2022-50034 in kernel-cross-headers | CVE-2022-50034

Threat Intelligence

0.03% (6^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL9-KERNELCROSSHEADERS-11548557
published9 Aug 2025
disclosed18 Jun 2025

Report a new vulnerability Found a mistake?

Introduced: 18 Jun 2025

CVE-2022-50034 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:9.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-cross-headers package and not the kernel-cross-headers package as distributed by RHEL.

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3 fix use-after-free at workaround 2

BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xac

cdns3_wa2_remove_old_request() { ... kfree(priv_req->request.buf); cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ^^^ use after free ... }

cdns3_gadget_ep_free_request() free the space pointed by priv_req, but priv_req is used in the following list_del_init().

This patch move list_del_init() before cdns3_gadget_ep_free_request().

CVE-2022-50034 The advisory has been revoked - it doesn't affect any version of package kernel-cross-headers (opens in a new tab)

Threat Intelligence

Do your applications use this vulnerable package?

Introduced: 18 Jun 2025

Amendment

NVD Description

References