CVE-2022-49389

usb: usbip: fix a refcount leak in stub_probe()

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (1)

MITRE

CWE (0)

CAPEC (-)

Risk

CVSS Score

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (11)

>= 3.19 < 4.9.318, >= 3.19 < 4.14.283, >= 3.19 < 4.19.247, >= 3.19 < 5.4.198, >= 3.19 < 5.10.122, >= 3.19 < 5.15.47, >= 3.19 < 5.17.15, >= 3.19 < 5.18.4, >= 3.19 < 5.19, 3.16.58, 3.18.110

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (12)

General (3)

kernel

Exploits & POcs (-)

Patches (9)

kernel

Advisories (-)

Summary

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/3ff67445750a84de67faaf52c6e1895cb09f2c56	Vuln. Introduced
https://git.kernel.org/stable/c/77e7f91231bf63e3c64eb59a2aaf5754eaea2e69	Vuln. Introduced
https://git.kernel.org/stable/c/d0f35e23dafa0185f979d0c70463caa658062264	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6bafee2f18af5e5ac125e42960bc65496d0e56a0	2022-06-14
https://git.kernel.org/stable/c/f20d2d3b3364ce6525c050a8b6b4c54c8c19674d	2022-06-14
https://git.kernel.org/stable/c/247d3809e45a34d9e1a3a2bb7012e31ed8b46031	2022-06-14
https://git.kernel.org/stable/c/2f0ae93ec33c8456cdfbf7876b80403a6318ebce	2022-06-14
https://git.kernel.org/stable/c/bcbb795a9e78180d74c6ab21518da87e803dfdce	2022-06-14
https://git.kernel.org/stable/c/51422046be504515eb5a591adf0f424b62f46804	2022-06-14
https://git.kernel.org/stable/c/8afb048800919d0ab10c57983940eba956339f21	2022-06-14
https://git.kernel.org/stable/c/11c65408bd0ba1d9cd1307caa38169292de9cdfb	2022-06-14
https://git.kernel.org/stable/c/9ec4cbf1cc55d126759051acfe328d489c5d6e60	2022-04-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.9.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.9.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.14.283 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.14.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.19.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.19.247"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.58 Search vendor "Linux" for product "Linux Kernel" and version "3.16.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.18.110 Search vendor "Linux" for product "Linux Kernel" and version "3.18.110"		en		Affected

CVE-2022-49389

usb: usbip: fix a refcount leak in stub_probe()

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (12)

Affected Vendors, Products, and Versions