CVE-2022-41849EPSS p22.4%

CVE-2022-41849CVE-2022-41849

linux / linux_kernel

Description

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

Scoring

CVSS 4.2 ()
VectorCVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS0.31% probability of exploitation · percentile 22.4% · 2026-06-19T12:03:05Z
Last modified2026-06-17
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.