CVE-2022-49713

usb: dwc2: Fix memory leak in dwc2_hcd_init

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

5.5 Medium

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (8)

>= 4.14.250 < 4.14.285, >= 4.19.210 < 4.19.249, >= 5.4.152 < 5.4.200, >= 5.10.72 < 5.10.124, >= 5.15 < 5.15.49, >= 5.15 < 5.18.6, >= 5.15 < 5.19, 5.14.11

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (13)

General (6)

kernel

Exploits & POcs (-)

Patches (7)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should
call usb_put_hcd to free it when platform_get_resource()
fails to prevent memory leak.
goto error2 label instead error1 to fix this.

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2_hcd_init usb_create_hcd will alloc memory for hcd, and we should call usb_put_hcd to free it when platform_get_resource() fails to prevent memory leak. goto error2 label instead error1 to fix this.

*Credits: N/A

CVSS Scores

Tenablev3 5.5
Tenablev2 4.9

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b	Vuln. Introduced
https://git.kernel.org/stable/c/a7182993dd8e09f96839ddc3ac54f9b37370d282	Vuln. Introduced
https://git.kernel.org/stable/c/8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7	Vuln. Introduced
https://git.kernel.org/stable/c/2754fa3b73df7d0ae042f3ed6cfd9df9042f6262	Vuln. Introduced
https://git.kernel.org/stable/c/856e6e8e0f9300befa87dde09edb578555c99a82	Vuln. Introduced
https://git.kernel.org/stable/c/337f00a0bc62d7cb7d10ec0b872c79009a1641df	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/981ee40649e5fd9550f82db1fbb3bfab037da346	2022-06-25
https://git.kernel.org/stable/c/84e6d0af87e27bbc0db94f2e7323b34abe17b6e5	2022-06-25
https://git.kernel.org/stable/c/6506aff2dc2f7059aa3d45ee2e8639b25e87090f	2022-06-22
https://git.kernel.org/stable/c/a44a8a762f7fe9ad3c065813d058e835a6180cb2	2022-06-22
https://git.kernel.org/stable/c/701d8ec01e0f229d4db6f43d3d64ee479120cbeb	2022-06-22
https://git.kernel.org/stable/c/52bfcedbfd5bf962dbdcb6e761f4d0dd3ba26dfd	2022-06-22
https://git.kernel.org/stable/c/3755278f078460b021cd0384562977bf2039a57a	2022-06-10

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.250 < 4.14.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.250 < 4.14.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.210 < 4.19.249 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.210 < 4.19.249"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.152 < 5.4.200 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.152 < 5.4.200"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.72 < 5.10.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.72 < 5.10.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.49"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.18.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.18.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14.11 Search vendor "Linux" for product "Linux Kernel" and version "5.14.11"		en		Affected

CVE-2022-49713

usb: dwc2: Fix memory leak in dwc2_hcd_init

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (13)

Affected Vendors, Products, and Versions