CVE-2022-49299

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: don't reset gadget's driver->bus UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got it's own bus and messing with ->bus triggers the following NULL pointer dereference: dwc2 12480000.hsotg: bound driver g_ether 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: ... CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862 Hardware name: Samsung Exynos (Flattened Device Tree) PC is at module_add_driver+0x44/0xe8 LR is at sysfs_do_create_link_sd+0x84/0xe0 ... Process modprobe (pid: 620, stack limit = 0x(ptrval)) ... module_add_driver from bus_add_driver+0xf4/0x1e4 bus_add_driver from driver_register+0x78/0x10c driver_register from usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0 do_one_initcall from do_init_module+0x44/0x1c8 do_init_module from load_module+0x19b8/0x1b9c load_module from sys_finit_module+0xdc/0xfc sys_finit_module from ret_fast_syscall+0x0/0x54 Exception stack(0xf1771fa8 to 0xf1771ff0) ... dwc2 12480000.hsotg: new device is high-speed ---[ end trace 0000000000000000 ]--- Fix this by removing driver->bus entry reset.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c	Patch
https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a	Patch
https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8	Patch
https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316	Patch
https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd	Patch
https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b	Patch
https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac	Patch
https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa	Patch
https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

14 Apr 2025, 19:49

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc2: gadget: no restablezca el controlador UDC del bus del gadget->controlador no debe tocar los componentes internos del controlador del gadget, especialmente no debe restablecer el controlador UDC del bus del gadget->controlador. Esto no fue dañino hasta ahora, pero desde el commit fc274c1e9973 ("USB: gadget: Agregar un nuevo bus para gadgets") el subsistema de gadget tiene su propio bus y jugar con ->bus desencadena la siguiente desreferencia de puntero NULL: dwc2 12480000.hsotg: controlador vinculado g_ether 8<--- corte aquí --- No se puede manejar la desreferencia de puntero NULL del kernel en la dirección virtual 00000000 [00000000] *pgd=00000000 Error interno: Oops: 5 [#1] Módulos SMP ARM vinculados en: ... CPU: 0 PID: 620 Comm: modprobe No contaminado 5.18.0-rc5-next-20220504 #11862 Nombre del hardware: Samsung Exynos (árbol de dispositivos aplanado) La PC está en module_add_driver+0x44/0xe8 LR está en sysfs_do_create_link_sd+0x84/0xe0 ... Procesar modprobe (pid: 620, límite de pila = 0x(ptrval)) ... module_add_driver desde bus_add_driver+0xf4/0x1e4 bus_add_driver desde driver_register+0x78/0x10c driver_register desde usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner desde do_one_initcall+0x44/0x1e0 do_one_initcall desde do_init_module+0x44/0x1c8 do_init_module desde load_module+0x19b8/0x1b9c load_module desde sys_finit_module+0xdc/0xfc sys_finit_module de ret_fast_syscall+0x0/0x54 Pila de excepciones (0xf1771fa8 a 0xf1771ff0) ... dwc2 12480000.hsotg: el nuevo dispositivo es de alta velocidad ---[ fin de seguimiento 000000000000000 ]--- Solucione esto eliminando el restablecimiento de la entrada del bus del controlador.
References	~~() https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c -~~	() https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c - Patch
References	~~() https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a -~~	() https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a - Patch
References	~~() https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 -~~	() https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8 - Patch
References	~~() https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316 -~~	() https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316 - Patch
References	~~() https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd -~~	() https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd - Patch
References	~~() https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b -~~	() https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b - Patch
References	~~() https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac -~~	() https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac - Patch
References	~~() https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa -~~	() https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa - Patch
References	~~() https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0 -~~	() https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0 - Patch
CWE		CWE-476

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-04-14 19:49

NVD link : CVE-2022-49299

Mitre link : CVE-2022-49299

CVE.ORG link : CVE-2022-49299

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10