CVE-2022-49389

usb: usbip: fix a refcount leak in stub_probe()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails
after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review.

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review.

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-05-04 CVE Updated
2025-07-22 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/3ff67445750a84de67faaf52c6e1895cb09f2c56	Vuln. Introduced
https://git.kernel.org/stable/c/77e7f91231bf63e3c64eb59a2aaf5754eaea2e69	Vuln. Introduced
https://git.kernel.org/stable/c/d0f35e23dafa0185f979d0c70463caa658062264	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/6bafee2f18af5e5ac125e42960bc65496d0e56a0	2022-06-14
https://git.kernel.org/stable/c/f20d2d3b3364ce6525c050a8b6b4c54c8c19674d	2022-06-14
https://git.kernel.org/stable/c/247d3809e45a34d9e1a3a2bb7012e31ed8b46031	2022-06-14
https://git.kernel.org/stable/c/2f0ae93ec33c8456cdfbf7876b80403a6318ebce	2022-06-14
https://git.kernel.org/stable/c/bcbb795a9e78180d74c6ab21518da87e803dfdce	2022-06-14
https://git.kernel.org/stable/c/51422046be504515eb5a591adf0f424b62f46804	2022-06-14
https://git.kernel.org/stable/c/8afb048800919d0ab10c57983940eba956339f21	2022-06-14
https://git.kernel.org/stable/c/11c65408bd0ba1d9cd1307caa38169292de9cdfb	2022-06-14
https://git.kernel.org/stable/c/9ec4cbf1cc55d126759051acfe328d489c5d6e60	2022-04-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49389	2022-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=2347796	2022-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.9.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.9.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.14.283 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.14.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 4.19.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.19.247"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.19 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.16.58 Search vendor "Linux" for product "Linux Kernel" and version "3.16.58"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.18.110 Search vendor "Linux" for product "Linux Kernel" and version "3.18.110"		en		Affected