CVE-2022-49389

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-49389

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49389.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49389

Downstream

DEBIAN-CVE-2022-49389

OESA-2025-1408

RHSA-2022:8267

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

UBUNTU-CVE-2022-49389

Related

Published

2025-02-26T02:11:22.834Z

Modified

2026-04-11T12:43:57.886355Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

usb: usbip: fix a refcount leak in stub_probe()

Details

In the Linux kernel, the following vulnerability has been resolved:

usb: usbip: fix a refcount leak in stub_probe()

usbgetdev() is called in stubdevicealloc(). When stubprobe() fails after that, usbput_dev() needs to be called to release the reference.

Fix this by moving usbputdev() to sdev_free error path handling.

Find this by code review.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49389.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3ff67445750a84de67faaf52c6e1895cb09f2c56

Fixed

6bafee2f18af5e5ac125e42960bc65496d0e56a0

Fixed

f20d2d3b3364ce6525c050a8b6b4c54c8c19674d

Fixed

247d3809e45a34d9e1a3a2bb7012e31ed8b46031

Fixed

2f0ae93ec33c8456cdfbf7876b80403a6318ebce

Fixed

bcbb795a9e78180d74c6ab21518da87e803dfdce

Fixed

51422046be504515eb5a591adf0f424b62f46804

Fixed

8afb048800919d0ab10c57983940eba956339f21

Fixed

11c65408bd0ba1d9cd1307caa38169292de9cdfb

Fixed

9ec4cbf1cc55d126759051acfe328d489c5d6e60

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

77e7f91231bf63e3c64eb59a2aaf5754eaea2e69

Last affected

d0f35e23dafa0185f979d0c70463caa658062264

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49389.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.19.0

Fixed

4.9.318

Type: ECOSYSTEM
Events: Introduced

4.10.0

Fixed

4.14.283

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.247

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.198

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.122

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.47

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.17.15

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49389.json"