| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: gadget: don't reset gadget's driver->bus\n\nUDC driver should not touch gadget's driver internals, especially it\nshould not reset driver->bus. This wasn't harmful so far, but since\ncommit fc274c1e9973 (\"USB: gadget: Add a new bus for gadgets\") gadget\nsubsystem got it's own bus and messing with ->bus triggers the\nfollowing NULL pointer dereference:\n\ndwc2 12480000.hsotg: bound driver g_ether\n8<--- cut here ---\nUnable to handle kernel NULL pointer dereference at virtual address 00000000\n[00000000] *pgd=00000000\nInternal error: Oops: 5 [#1] SMP ARM\nModules linked in: ...\nCPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862\nHardware name: Samsung Exynos (Flattened Device Tree)\nPC is at module_add_driver+0x44/0xe8\nLR is at sysfs_do_create_link_sd+0x84/0xe0\n...\nProcess modprobe (pid: 620, stack limit = 0x(ptrval))\n...\n module_add_driver from bus_add_driver+0xf4/0x1e4\n bus_add_driver from driver_register+0x78/0x10c\n driver_register from usb_gadget_register_driver_owner+0x40/0xb4\n usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0\n do_one_initcall from do_init_module+0x44/0x1c8\n do_init_module from load_module+0x19b8/0x1b9c\n load_module from sys_finit_module+0xdc/0xfc\n sys_finit_module from ret_fast_syscall+0x0/0x54\nException stack(0xf1771fa8 to 0xf1771ff0)\n...\ndwc2 12480000.hsotg: new device is high-speed\n---[ end trace 0000000000000000 ]---\n\nFix this by removing driver->bus entry reset." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/dwc2/gadget.c" |
| ], |
| "versions": [ |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "5127c0f365265bb69cd776ad6e4b872c309f3fa8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "efb15ff4a77fe053c941281775fefa91c87770e0", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "bee8f9808a7e82addfc73a0973b16a8bb684205b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "d232ca0bbc7d03144bad0ffd1792c3352bfd03fa", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "5b0c0298f7c3b57417f1729ec4071f76864b72dd", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "547ebdc200b862dff761ff4890f66d8217c33316", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "172cfc167c8ee6238f24f9c16efd598602af643c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "d2159feb9d28ce496d77df98313ab454646372ac", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", |
| "lessThan": "3120aac6d0ecd9accf56894aeac0e265f74d3d5a", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/dwc2/gadget.c" |
| ], |
| "versions": [ |
| { |
| "version": "4.9.318", |
| "lessThanOrEqual": "4.9.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.14.283", |
| "lessThanOrEqual": "4.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.247", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.198", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.122", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.47", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.17.15", |
| "lessThanOrEqual": "5.17.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.18.4", |
| "lessThanOrEqual": "5.18.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.19", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "4.9.318" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "4.14.283" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "4.19.247" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.4.198" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.10.122" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.15.47" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.17.15" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.18.4" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionEndExcluding": "5.19" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a" |
| } |
| ], |
| "title": "usb: dwc2: gadget: don't reset gadget's driver->bus", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2022-49299", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
