CVE-2022-49299

usb: dwc2: gadget: don't reset gadget's driver->bus

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: don't reset gadget's driver->bus UDC driver should not touch gadget's driver internals, especially it
should not reset driver->bus. This wasn't harmful so far, but since
commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget
subsystem got it's own bus and messing with ->bus triggers the
following NULL pointer dereference: dwc2 12480000.hsotg: bound driver g_ether
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000000
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Modules linked in: ...
CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862
Hardware name: Samsung Exynos (Flattened Device Tree)
PC is at module_add_driver+0x44/0xe8
LR is at sysfs_do_create_link_sd+0x84/0xe0
...
Process modprobe (pid: 620, stack limit = 0x(ptrval))
... module_add_driver from bus_add_driver+0xf4/0x1e4 bus_add_driver from driver_register+0x78/0x10c driver_register from usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0 do_one_initcall from do_init_module+0x44/0x1c8 do_init_module from load_module+0x19b8/0x1b9c load_module from sys_finit_module+0xdc/0xfc sys_finit_module from ret_fast_syscall+0x0/0x54
Exception stack(0xf1771fa8 to 0xf1771ff0)
...
dwc2 12480000.hsotg: new device is high-speed
---[ end trace 0000000000000000 ]--- Fix this by removing driver->bus entry reset.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8	2022-06-14
https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0	2022-06-14
https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b	2022-06-14
https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa	2022-06-14
https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd	2022-06-14
https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316	2022-06-14
https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c	2022-06-14
https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac	2022-06-14
https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a	2022-05-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.318 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.283 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.247 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.247"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.19 Search vendor "Linux" for product "Linux Kernel" and version " < 5.19"		en		Affected