Release of Invalid Pointer or Reference
CVE-2022-24958
Summary
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-763 - Release of Invalid Pointer or Reference
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
References
Advisory Timeline
- Published