CVE-2022-50470— xhci: Remove device endpoints from bandwidth list when freeing the device
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-50470
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
xhci: Remove device endpoints from bandwidth list when freeing the device
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then the endpoints aren't dropped cleanly due to functions returning early to avoid interacting with a non-accessible host controller. So check and delete endpoints that are still on the bandwidth list when freeing the virt device. Solves a list_del corruption kernel crash when unbinding xhci-pci, caused by xhci_mem_cleanup() when it later tried to delete already freed endpoints from the bandwidth list. This only affects hosts that use software bandwidth checking, which currenty is only the xHC in intel Panther Point PCH (Ivy Bridge)
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于未从带宽列表中删除设备端点,可能导致列表损坏和内核崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2022-50470
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-50470
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-10-04 · 144 CVEs total
| CVE-2025-39946 | 9.8 CRITICAL | tls: make sure to abort the stream if headers are bogus |
| CVE-2022-50491 | coresight: cti: Fix hang in cti_disable_hw() | |
| CVE-2023-53581 | net/mlx5e: Check for NOT_READY flag state after locking | |
| CVE-2023-53580 | USB: Gadget: core: Help prevent panic during UVC unconfigure | |
| CVE-2022-50507 | fs/ntfs3: Validate data run offset | |
| CVE-2022-50508 | wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power | |
| CVE-2022-50506 | drbd: only clone bio if we have a backing device | |
| CVE-2022-50504 | powerpc/rtas: avoid scheduling in rtas_os_term() | |
| CVE-2022-50505 | iommu/amd: Fix pci device refcount leak in ppr_notifier() | |
| CVE-2022-50503 | mtd: lpddr2_nvm: Fix possible null-ptr-deref | |
| CVE-2022-50501 | media: coda: Add check for dcoda_iram_alloc | |
| CVE-2022-50500 | netdevsim: fix memory leak in nsim_drv_probe() when nsim_dev_resources_register() failed | |
| CVE-2022-50499 | media: dvb-core: Fix double free in dvb_register_device() | |
| CVE-2022-50497 | binfmt_misc: fix shift-out-of-bounds in check_special_flags | |
| CVE-2022-50498 | eth: alx: take rtnl_lock on resume | |
| CVE-2022-50496 | dm cache: Fix UAF in destroy() | |
| CVE-2022-50494 | thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash | |
| CVE-2022-50493 | scsi: qla2xxx: Fix crash when I/O abort times out | |
| CVE-2022-50492 | drm/msm: fix use-after-free on probe deferral | |
| CVE-2023-53572 | clk: imx: scu: use _safe list iterator to avoid a use after free |
Showing top 20 of 144 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2022-50470
No comments yet