CVE-2022-49299
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49299
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49299.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49299
- Related
- Published
- 2025-02-26T07:01:06Z
- Modified
- 2025-04-14T20:59:02.093494Z
- Downstream
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: gadget: don't reset gadget's driver->bus
UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference:
dwc2 12480000.hsotg: bound driver gether 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: ... CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862 Hardware name: Samsung Exynos (Flattened Device Tree) PC is at moduleadddriver+0x44/0xe8 LR is at sysfsdocreatelinksd+0x84/0xe0 ... Process modprobe (pid: 620, stack limit = 0x(ptrval)) ... moduleadddriver from busadddriver+0xf4/0x1e4 busadddriver from driverregister+0x78/0x10c driverregister from usbgadgetregisterdriverowner+0x40/0xb4 usbgadgetregisterdriverowner from dooneinitcall+0x44/0x1e0 dooneinitcall from doinitmodule+0x44/0x1c8 doinitmodule from loadmodule+0x19b8/0x1b9c loadmodule from sysfinitmodule+0xdc/0xfc sysfinitmodule from retfast_syscall+0x0/0x54 Exception stack(0xf1771fa8 to 0xf1771ff0) ... dwc2 12480000.hsotg: new device is high-speed ---[ end trace 0000000000000000 ]---
Fix this by removing driver->bus entry reset.
- References
-
- https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c
- https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a
- https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8
- https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316
- https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd
- https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b
- https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac
- https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa
- https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0
- https://security-tracker.debian.org/tracker/CVE-2022-49299
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.127-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source