CVE-2022-50220: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50220 is a use-after-free vulnerability discovered in the Linux kernel's usbnet driver. The issue affects USB Ethernet drivers including aqc111.c, asix_devices.c, ax88179_178a.c, ch9200.c, and smsc75xx.c. The vulnerability was identified in the handling of link change events during device disconnection (NVD, Wiz).

The vulnerability occurs when a link change interrupt is received immediately before disconnect. The drivers raise EVENT_LINK_RESET in their non-sleepable ->status() callback and schedule usbnet_deferred_kevent(). The usbnet_deferred_kevent() function then invokes the driver's ->link_reset() callback, which calls netif_carrier_{on,off}(). Because usbnet_deferred_kevent() is awaited after unregister_netdev(), netif_carrier_{on,off}() may operate on an unregistered netdev and linkwatch_event() may run after free_netdev(), causing a use-after-free condition (NVD).

This vulnerability could lead to a use-after-free condition in the Linux kernel when disconnecting USB network devices, potentially resulting in system crashes or other undefined behavior (Wiz).

The issue has been fixed in various Linux kernel versions. The fix involves moving the wait for usbnet_deferred_kevent() back to ->ndo_stop(). Debian has marked this as fixed in versions 5.10.223-1 for bullseye, 6.1.137-1 for bookworm, and 6.12.32-1 for trixie (Wiz).