Login Sign Up

CVE-2022-50470

7.8 HIGH
Denial of Service

📋 TL;DR

A double-free vulnerability in the Linux kernel's xHCI driver causes memory corruption when freeing USB device endpoints during host controller removal. This can lead to kernel crashes or potential privilege escalation. Only affects systems with Intel Panther Point PCH (Ivy Bridge) chipsets using software bandwidth checking.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Intel Panther Point PCH (Ivy Bridge) chipsets where xHCI uses software bandwidth checking. Most modern systems use hardware bandwidth checking and are not vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, with potential for privilege escalation if memory corruption can be controlled.

🟠

Likely Case

System crash or instability when removing xHCI hardware or during system shutdown, causing denial of service.

🟢

If Mitigated

No impact if system doesn't use affected hardware or has been patched.

🌐 Internet-Facing: LOW - Requires local access or ability to trigger USB device operations.
🏢 Internal Only: MEDIUM - Local users or processes could potentially trigger the condition leading to system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific hardware conditions and ability to trigger USB device removal during xHCI controller shutdown.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 3bf860a41e0f2fcea0ac3aae8f7ef887a7994b70 or later

Vendor Advisory: https://git.kernel.org/stable/c/3bf860a41e0f2fcea0ac3aae8f7ef887a7994b70

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel. 3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Avoid affected hardware

linux

Do not use systems with Intel Panther Point PCH (Ivy Bridge) chipsets

Prevent xHCI unbinding

linux

Avoid manually unbinding xhci-pci driver or removing USB controllers

🧯 If You Can't Patch

  • Avoid using or accessing systems with Intel Panther Point PCH (Ivy Bridge) chipsets
  • Implement strict access controls to prevent local users from triggering USB device operations

🔍 How to Verify

Check if Vulnerable:

Check kernel version and chipset: 1. Run 'uname -r' to check kernel version. 2. Check if system has Intel Panther Point PCH chipset via 'lspci | grep -i panther' or checking CPU model.

Check Version:

uname -r

Verify Fix Applied:

1. Verify kernel version is updated to one containing the fix. 2. Check kernel changelog for commit 3bf860a41e0f2fcea0ac3aae8f7ef887a7994b70.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages related to list_del corruption
  • xhci driver error messages during USB controller removal
  • System crash logs during shutdown or hardware removal

SIEM Query:

event_source:kernel AND (message:"list_del corruption" OR message:"xhci" AND (error OR panic))

📊 Metadata

CVE ID: CVE-2022-50470
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-415
EPSS Score: 0.02% exploit probability (5.6th percentile)
Published: October 4, 2025
Last Updated: January 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50470, you might also want to check these:

CVE-2020-35885 9.8

This vulnerability in the alpm-rs Rust crate allows double-free memory corruption due to improper de...

Same vulnerability type (CWE-415)
CVE-2021-29940 9.8

This vulnerability in the Rust 'through' crate allows double-free memory corruption when the map fun...

Same vulnerability type (CWE-415)
CVE-2023-49937 9.8

This CVE describes a double-free vulnerability in SchedMD Slurm workload manager that allows attacke...

Same vulnerability type (CWE-415)