
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability has been identified in the Linux kernel (CVE-2022-50514) related to a refcount leak in the USB gadget f_hid driver. The issue occurs when failing to allocate report_desc, where opts->refcnt has already been incremented but needs to be decremented to avoid leaving the options structure permanently locked (NVD).
The vulnerability exists in the USB gadget f_hid driver's error handling path. When the report_desc allocation fails, the reference count (opts->refcnt) is not properly decremented, leading to a refcount leak. This can result in the options structure remaining permanently locked (Ubuntu).
The vulnerability could lead to a resource leak in the Linux kernel's USB HID gadget driver, potentially causing system resources to remain locked and unavailable (NVD).
The issue has been fixed in various Linux distributions through kernel updates. Ubuntu has released patches for multiple versions including 22.04 LTS (jammy), 20.04 LTS (focal), and 18.04 LTS (bionic) (Ubuntu).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."