CVE-2022-50568: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50568 is a vulnerability discovered in the Linux kernel affecting the USB gadget HID functionality. The issue involves a use-after-free vulnerability in the fhidg lifetime management where the embedded struct cdev's lifetime is not correctly tied to the enclosing struct fhidg. This vulnerability was reported and documented on October 22, 2025 (NVD).

The vulnerability occurs when /dev/hidgN is held open while the gadget is deleted, leading to a use-after-free condition. The issue specifically relates to the struct cdev not having its lifetime properly tied to the enclosing struct fhidg. This can be replicated using libusbgx's example programs or by operating directly via configfs. The fix involves pulling the existing device up into struct fhidg and utilizing the cdevdevice{add,del}() helpers to ensure proper lifetime management of the device object (NVD).

When exploited, this vulnerability could lead to a use-after-free condition in the Linux kernel's USB HID gadget driver, potentially resulting in system instability or crashes. The vulnerability affects the kernel's USB subsystem, specifically the HID gadget functionality (NVD).

The issue has been resolved by modifying the lifetime management of the device object to match struct fhidg. The fix involves using cdevdevice_{add,del}() helpers to properly manage the device object's lifetime (NVD).