CVE-2022-50514
Linux Kernel vulnerability analysis and mitigation

Overview

A vulnerability has been identified in the Linux kernel (CVE-2022-50514) related to a refcount leak in the USB gadget f_hid driver. The issue occurs when failing to allocate report_desc, where opts->refcnt has already been incremented but needs to be decremented to avoid leaving the options structure permanently locked (NVD).

Technical details

The vulnerability exists in the USB gadget f_hid driver's error handling path. When the report_desc allocation fails, the reference count (opts->refcnt) is not properly decremented, leading to a refcount leak. This can result in the options structure remaining permanently locked (Ubuntu).

Impact

The vulnerability could lead to a resource leak in the Linux kernel's USB HID gadget driver, potentially causing system resources to remain locked and unavailable (NVD).

Mitigation and workarounds

The issue has been fixed in various Linux distributions through kernel updates. Ubuntu has released patches for multiple versions including 22.04 LTS (jammy), 20.04 LTS (focal), and 18.04 LTS (bionic) (Ubuntu).

Additional resources


SourceThis report was generated using AI

Related Linux Kernel vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-71142N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-debug-devel
NoNoJan 14, 2026
CVE-2025-71137N/AN/A
  • Linux KernelLinux Kernel
  • kernel-cross-headers
NoYesJan 14, 2026
CVE-2025-71135N/AN/A
  • Linux KernelLinux Kernel
  • kernel-debug-core
NoNoJan 14, 2026
CVE-2025-71134N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k
NoNoJan 14, 2026
CVE-2025-71133N/AN/A
  • Linux KernelLinux Kernel
  • kernel-64k-modules-core
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management