目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CVE-2022-49936— Linux kernel 安全漏洞

AI 预测 7.8 利用难度: 中等 EPSS 0.15% · P5

影响版本矩阵 18

厂商产品版本范围状态
LinuxLinux78d9a487ee961c356e1a934d9a92eca38ffb3a70< d90419b8b8322b6924f6da9da952647f2dadc21baffected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< 1b29498669914c7f9afb619722421418a753d372affected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< cc9a12e12808af178c600cc485338bac2e37d2a8affected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< df1875084898b15cbc42f712e93d7f113ae6271baffected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8affected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< c548b99e1c37db6f7df86ecfe9a1f895d6c5966eaffected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< d5eb850b3e8836197a38475840725260b9783e94affected
78d9a487ee961c356e1a934d9a92eca38ffb3a70< 9c6d778800b921bde3bff3cff5003d1650f942d1affected
… +10 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2022-49936 基础信息

漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
USB: core: Prevent nested device-reset calls
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 but task is already holding lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... stack backtrace: CPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kernel/locking/lockdep.c:2988 [inline] check_deadlock kernel/locking/lockdep.c:3031 [inline] validate_chain kernel/locking/lockdep.c:3816 [inline] __lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5665 [inline] lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630 __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747 usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 usb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109 r871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622 usb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:545 [inline] device_remove+0x11f/0x170 drivers/base/dd.c:537 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248 usb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627 usb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118 usb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114 This turned out not to be an error in usb-storage but rather a nested device reset attempt. That is, as the rtl8712 driver was being unbound from a composite device in preparation for an unrelated USB reset (that driver does not have pre_reset or post_reset callbacks), its ->remove routine called usb_reset_device() -- thus nesting one reset call within another. Performing a reset as part of disconnect processing is a questionable practice at best. However, the bug report points out that the USB core does not have any protection against nested resets. Adding a reset_in_progress flag and testing it will prevent such errors in the future.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于USB核心未防止嵌套设备重置调用,可能导致递归锁定违规。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 78d9a487ee961c356e1a934d9a92eca38ffb3a70 ~ d90419b8b8322b6924f6da9da952647f2dadc21b -
LinuxLinux 2.6.27 -

二、漏洞 CVE-2022-49936 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2022-49936 的情报信息

登录查看更多情报信息。

同批安全公告 · Linux · 2025-06-18 · 共 362 条

CVE-2022-50104Linux kernel 安全漏洞
CVE-2022-50116Linux kernel 安全漏洞
CVE-2022-50114Linux kernel 安全漏洞
CVE-2022-50113Linux kernel 安全漏洞
CVE-2022-50112Linux kernel 安全漏洞
CVE-2022-50111Linux kernel 安全漏洞
CVE-2022-50110Linux kernel 安全漏洞
CVE-2022-50109Linux kernel 安全漏洞
CVE-2022-50108Linux kernel 安全漏洞
CVE-2022-50106Linux kernel 安全漏洞
CVE-2022-50107Linux kernel 安全漏洞
CVE-2022-50105Linux kernel 安全漏洞
CVE-2022-50099Linux kernel 安全漏洞
CVE-2022-50095Linux kernel 安全漏洞
CVE-2022-50094Linux kernel 安全漏洞
CVE-2022-50096Linux kernel 安全漏洞
CVE-2022-50097Linux kernel 安全漏洞
CVE-2022-50098Linux kernel 安全漏洞
CVE-2022-50101Linux kernel 安全漏洞
CVE-2022-50103Linux kernel 安全漏洞

显示前 20 条,共 362 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-49936

暂无评论

发表评论