CVE-2022-49686

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49686
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49686.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49686
Published
2025-02-26T02:24:12Z
Modified
2025-10-13T20:28:49.908118Z
Summary
usb: gadget: uvc: fix list double add in uvcg_video_pump
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: uvc: fix list double add in uvcg_video_pump

A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The endpoint complete will add the request back to the req_free list. Invalidate the local request handle once it's been queued.

<6>[ 246.796704][T13726] configfs-gadget gadget: uvc: uvc_function_set_alt(1, 0)
<3>[ 246.797078][ T26] list_add double add: new=ffffff878bee5c40, prev=ffffff878bee5c40, next=ffffff878b0f0a90.
<6>[ 246.797213][ T26] ------------[ cut here ]------------
<2>[ 246.797224][ T26] kernel BUG at lib/list_debug.c:31!
<6>[ 246.807073][ T26] Call trace:
<6>[ 246.807180][ T26] uvcg_video_pump+0x364/0x38c
<6>[ 246.807366][ T26] process_one_work+0x2a4/0x544
<6>[ 246.807394][ T26] worker_thread+0x350/0x784
<6>[ 246.807442][ T26] kthread+0x2ac/0x320
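
The double add described above, reduced to a user-space model. This is an added example, not the kernel's code or the fix commit: the list helpers, struct request, pump_once() and the simplified control flow are assumptions made to show why a stale local handle hits the new == prev check and why invalidating it after queuing avoids that.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's list_head and a USB request (assumed names). */
struct list_head { struct list_head *next, *prev; };
struct request { struct list_head list; };

static int double_adds; /* events a list-debug kernel would turn into BUG() */

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Tail insert with a double-add check: new must differ from both neighbours. */
static void list_add_tail(struct list_head *new, struct list_head *head)
{
    struct list_head *prev = head->prev;
    if (new == prev || new == head) { double_adds++; return; }
    new->prev = prev; new->next = head;
    prev->next = new; head->prev = new;
}

static void list_del(struct list_head *e) { e->prev->next = e->next; e->next->prev = e->prev; }

/* One pump pass where the endpoint is disabled right after the request is queued. */
static int pump_once(bool invalidate_handle)
{
    struct list_head req_free;
    struct request r, *req;

    double_adds = 0;
    list_init(&req_free);
    list_add_tail(&r.list, &req_free);   /* one request on the free list */

    req = &r;                            /* pump takes it off req_free ... */
    list_del(&req->list);                /* ... and queues it to the endpoint */
    if (invalidate_handle)
        req = NULL;                      /* fix: the endpoint owns it now */

    list_add_tail(&r.list, &req_free);   /* endpoint complete returns it */
    if (req)                             /* pump exit: return "unused" request */
        list_add_tail(&req->list, &req_free);
    return double_adds;
}

int main(void)
{
    printf("stale handle: %d double add(s)\n", pump_once(false));
    printf("invalidated:  %d double add(s)\n", pump_once(true));
    return 0;
}
```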

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9897ec0f6d34e8b2bc2f4c8ab8789351090f3d2
Fixed
d95ac8b920de1d39525fadc408ce675697626ca6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f9897ec0f6d34e8b2bc2f4c8ab8789351090f3d2
Fixed
96163f835e65f8c9897487fac965819f0651d671

Affected versions

v5.*

v5.15
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.19-rc1
v5.19-rc2
v5.19-rc3

Database specific

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-49686-290bfabd",
            "digest": {
                "length": 1260.0,
                "function_hash": "295766285135039203320051364602683614107"
            },
            "target": {
                "function": "uvcg_video_pump",
                "file": "drivers/usb/gadget/function/uvc_video.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@96163f835e65f8c9897487fac965819f0651d671"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-49686-4734f6bc",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "16631384527699359634504400289242538660",
                    "305565559018299782851079256112980960043",
                    "79690880532790708207107719932480107906",
                    "273408389817056900012689849699813112946"
                ]
            },
            "target": {
                "file": "drivers/usb/gadget/function/uvc_video.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@96163f835e65f8c9897487fac965819f0651d671"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-49686-5811b605",
            "digest": {
                "length": 1260.0,
                "function_hash": "295766285135039203320051364602683614107"
            },
            "target": {
                "function": "uvcg_video_pump",
                "file": "drivers/usb/gadget/function/uvc_video.c"
            },
            "signature_type": "Function",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d95ac8b920de1d39525fadc408ce675697626ca6"
        },
        {
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2022-49686-903cbc7d",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "16631384527699359634504400289242538660",
                    "305565559018299782851079256112980960043",
                    "79690880532790708207107719932480107906",
                    "273408389817056900012689849699813112946"
                ]
            },
            "target": {
                "file": "drivers/usb/gadget/function/uvc_video.c"
            },
            "signature_type": "Line",
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d95ac8b920de1d39525fadc408ce675697626ca6"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.18.8