CVE-2022-50542 – This CVE describes a use-after-free vulnerabili... (How to Fix)

Q: What is the severity of CVE-2022-50542?

CVE-2022-50542 has a CVSS score of 7.8 (HIGH). This CVE describes a use-after-free vulnerability in the Linux kernel's si470x USB radio driver. When the driver fails to initialize properly, it doesn't properly clean up USB request blocks (URBs), allowing attackers to trigger memory corruption. This affects Linux systems with si470x USB radio hardware or the driver loaded.

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's si470x USB radio driver. When the driver fails to initialize properly, it doesn't properly clean up USB request blocks (URBs), allowing attackers to trigger memory corruption. This affects Linux systems with si470x USB radio hardware or the driver loaded.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions with vulnerable si470x driver code (specific versions not specified in CVE, but patches available in stable branches)

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if si470x USB radio driver is loaded (typically requires specific hardware or manual loading).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to system crash, privilege escalation, or arbitrary code execution in kernel context.

🟠

Likely Case

System instability, kernel panic, or denial of service through system crashes.

🟢

If Mitigated

No impact if driver not loaded or hardware not present; limited to local attackers with USB device access.

🌐 Internet-Facing: LOW - Requires physical USB device access or local system access.

🏢 Internal Only: MEDIUM - Local attackers with USB device access could exploit; risk increases in shared/multi-user systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires USB device access and driver loading; discovered via syzbot fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commit 0ca298d548461d29615f9a2b1309e8dcf4a352c6 or later stable patches

Vendor Advisory: https://git.kernel.org/stable/c/0ca298d548461d29615f9a2b1309e8dcf4a352c6

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify si470x driver is not loaded if not needed.

🔧 Temporary Workarounds

Disable si470x driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist si470x' >> /etc/modprobe.d/blacklist.conf
rmmod si470x

Restrict USB device access

linux

Prevent unauthorized USB device connections

usbguard generate-policy > /etc/usbguard/rules.conf
systemctl enable --now usbguard

🧯 If You Can't Patch

Disable si470x kernel module via blacklisting
Implement USB device access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check if si470x module is loaded: lsmod | grep si470x

Check Version:

uname -r

Verify Fix Applied:

Check kernel version is patched and si470x module not loaded or updated

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages
USB driver initialization failures
System crashes with si470x in stack trace

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("si470x" OR "use-after-free" OR "general protection fault")

📊 Metadata

CVE ID: CVE-2022-50542

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: October 7, 2025

Last Updated: February 5, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-50542, you might also want to check these: