CVE-2022-49299: Vulnerability in Linux Linux

Medium
Vulnerability · CVE-2022-49299 · cve · cve-2022-49299
Published: Wed Feb 26 2025 (02/26/2025, 02:10:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc2: gadget: don't reset gadget's driver->bus

UDC driver should not touch gadget's driver internals, especially it should not reset driver->bus. This wasn't harmful so far, but since commit fc274c1e9973 ("USB: gadget: Add a new bus for gadgets") gadget subsystem got its own bus and messing with ->bus triggers the following NULL pointer dereference:

    dwc2 12480000.hsotg: bound driver g_ether
    8<--- cut here ---
    Unable to handle kernel NULL pointer dereference at virtual address 00000000
    [00000000] *pgd=00000000
    Internal error: Oops: 5 [#1] SMP ARM
    Modules linked in: ...
    CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862
    Hardware name: Samsung Exynos (Flattened Device Tree)
    PC is at module_add_driver+0x44/0xe8
    LR is at sysfs_do_create_link_sd+0x84/0xe0
    ...
    Process modprobe (pid: 620, stack limit = 0x(ptrval))
    ...
     module_add_driver from bus_add_driver+0xf4/0x1e4
     bus_add_driver from driver_register+0x78/0x10c
     driver_register from usb_gadget_register_driver_owner+0x40/0xb4
     usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0
     do_one_initcall from do_init_module+0x44/0x1c8
     do_init_module from load_module+0x19b8/0x1b9c
     load_module from sys_finit_module+0xdc/0xfc
     sys_finit_module from ret_fast_syscall+0x0/0x54
    Exception stack(0xf1771fa8 to 0xf1771ff0)
    ...
    dwc2 12480000.hsotg: new device is high-speed
    ---[ end trace 0000000000000000 ]---

Fix this by removing driver->bus entry reset.

AI-Powered Analysis

Last updated: 07/04/2025, 17:25:50 UTC

Technical Analysis

CVE-2022-49299 is a vulnerability identified in the Linux kernel's USB gadget subsystem, specifically related to the dwc2 (DesignWare Core USB 2.0) gadget driver. The issue arises because the USB Device Controller (UDC) driver improperly resets the gadget driver's internal bus pointer (driver->bus). Historically, this action was harmless, but following a kernel commit that introduced a dedicated bus for the gadget subsystem, resetting this pointer leads to a NULL pointer dereference. This dereference triggers a kernel oops (crash) when the driver attempts to access the now-invalid bus pointer, causing the system to become unstable or crash. The vulnerability manifests during the loading or binding of the gadget driver, as demonstrated by the kernel trace involving module_add_driver and usb_gadget_register_driver_owner functions. The root cause is the UDC driver touching gadget driver internals inappropriately, specifically resetting the driver->bus field, which should be avoided. The fix involves removing the code that resets this pointer, thereby preventing the NULL pointer dereference. This vulnerability affects Linux kernel versions containing the faulty commit and is particularly relevant to systems using the dwc2 USB gadget driver, common in ARM-based embedded devices and SoCs such as Samsung Exynos platforms. No known exploits are reported in the wild, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of CVE-2022-49299 depends largely on their use of Linux-based embedded systems or ARM architectures that utilize the dwc2 USB gadget driver. The vulnerability can cause kernel crashes (denial of service) when the affected USB gadget driver is loaded or initialized, potentially leading to system instability or downtime. This is particularly critical for industrial control systems, IoT devices, network appliances, or embedded systems deployed in sectors such as manufacturing, telecommunications, healthcare, and critical infrastructure. While the vulnerability does not directly lead to privilege escalation or data leakage, the denial of service could disrupt operations, cause device reboots, or require manual intervention to restore functionality. In environments where high availability is essential, such as data centers or critical infrastructure, this could translate to operational and financial impacts. Additionally, devices that rely on USB gadget functionality for networking or device emulation may be rendered inoperative until patched. Since exploitation does not require user interaction but does require loading the affected driver, the attack surface is somewhat limited to scenarios where the vulnerable driver is actively used or loaded.

Mitigation Recommendations

1. Apply the official Linux kernel patches that remove the resetting of the driver->bus pointer in the dwc2 gadget driver as soon as they become available.
2. For organizations using custom or embedded Linux kernels, ensure that kernel versions are updated to include this fix, especially on ARM-based devices using Samsung Exynos or similar SoCs.
3. Audit devices and systems to identify those running affected kernel versions with the dwc2 USB gadget driver enabled.
4. Where possible, disable USB gadget functionality if it is not required, reducing the attack surface.
5. Implement monitoring for kernel oops or crashes related to USB gadget driver loading to detect potential exploitation attempts or instability.
6. For critical systems, consider implementing kernel live patching solutions to minimize downtime during patch deployment.
7. Coordinate with hardware vendors and embedded system suppliers to confirm patch availability and deployment timelines.
8. Maintain strict control over module loading permissions to prevent unauthorized loading of vulnerable drivers.
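
For the monitoring recommendation above, a Python scanner that flags kernel oops blocks whose trace contains the frames quoted in the description. This is an added example, not code from the advisory or the kernel project; the function names, the second oops in the sample log and `example_probe` are constructed for illustration.

```python
import re

# Frames from the advisory's trace that together identify this crash path.
SIGNATURE = ("module_add_driver", "bus_add_driver", "usb_gadget_register_driver_owner")
OOPS_START = re.compile(r"Unable to handle kernel NULL pointer dereference")
OOPS_END = re.compile(r"---\[ end trace \w+ \]---")
BOUND = re.compile(r"dwc2 (\S+): bound driver (\S+)")
COMM = re.compile(r"Comm: (\S+)")

def _classify(block, bound):
    """Return a finding if every signature frame appears in the oops block."""
    text = "\n".join(block)
    if not all(frame in text for frame in SIGNATURE):
        return None
    comm = COMM.search(text)
    return {"udc": bound[0] if bound else None,
            "gadget_driver": bound[1] if bound else None,
            "comm": comm.group(1) if comm else None}

def find_dwc2_bus_oops(lines):
    """Scan kernel log lines; return one finding per matching oops block."""
    findings, block, bound = [], None, None
    for line in lines:
        if m := BOUND.search(line):
            bound = m.groups()             # remember which UDC/gadget was just bound
        if OOPS_START.search(line):
            block = [line]                 # a new oops begins
        elif block is not None:
            block.append(line)
            if OOPS_END.search(line):      # oops finished: classify it
                findings.append(_classify(block, bound))
                block, bound = None, None
    if block is not None:                  # log truncated mid-oops
        findings.append(_classify(block, bound))
    return [f for f in findings if f]

# Lines quoted in the description (subset), then a constructed unrelated oops.
SAMPLE_LOG = """\
dwc2 12480000.hsotg: bound driver g_ether
Unable to handle kernel NULL pointer dereference at virtual address 00000000
CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862
PC is at module_add_driver+0x44/0xe8
 module_add_driver from bus_add_driver+0xf4/0x1e4
 bus_add_driver from driver_register+0x78/0x10c
 driver_register from usb_gadget_register_driver_owner+0x40/0xb4
---[ end trace 0000000000000000 ]---
Unable to handle kernel NULL pointer dereference at virtual address 00000010
PC is at example_probe+0x10/0x40
---[ end trace 0000000000000000 ]---
""".splitlines()
```

Calling `find_dwc2_bus_oops()` on lines from the kernel log reports the UDC instance, the gadget driver that was being registered and the loading process for each match, which is enough to tie a crash to an unpatched device during the audit in item 3.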

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.534Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aebf92

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 5:25:50 PM

Last updated: 8/13/2025, 4:52:18 AM
