CVE - CVE-2022-49299

CVE-ID
CVE-2022-49299	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: don't reset gadget's driver->bus UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference: dwc2 12480000.hsotg: bound driver g_ether 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: ... CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862 Hardware name: Samsung Exynos (Flattened Device Tree) PC is at module_add_driver+0x44/0xe8 LR is at sysfs_do_create_link_sd+0x84/0xe0 ... Process modprobe (pid: 620, stack limit = 0x(ptrval)) ... module_add_driver from bus_add_driver+0xf4/0x1e4 bus_add_driver from driver_register+0x78/0x10c driver_register from usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0 do_one_initcall from do_init_module+0x44/0x1c8 do_init_module from load_module+0x19b8/0x1b9c load_module from sys_finit_module+0xdc/0xfc sys_finit_module from ret_fast_syscall+0x0/0x54 Exception stack(0xf1771fa8 to 0xf1771ff0) ... dwc2 12480000.hsotg: new device is high-speed ---[ end trace 0000000000000000 ]--- Fix this by removing driver->bus entry reset.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c URL:https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c MISC:https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a URL:https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a MISC:https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 URL:https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 MISC:https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316 URL:https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316 MISC:https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd URL:https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd MISC:https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b URL:https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b MISC:https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac URL:https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac MISC:https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa URL:https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa MISC:https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0 URL:https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)