CVE-2022-48869

The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. In particular, gadgetfsfillsuper() can race with gadgetfskillsb(), causing the latter to deallocate the_device while the former is using it. The output from KASAN says, in part:

BUG: KASAN: use-after-free in instrumentatomicreadwrite include/linux/instrumented.h:102 [inline] BUG: KASAN: use-after-free in atomicfetchsubrelease include/linux/atomic/atomic-instrumented.h:176 [inline] BUG: KASAN: use-after-free in _refcountsubandtest include/linux/refcount.h:272 [inline] BUG: KASAN: use-after-free in _refcountdecandtest include/linux/refcount.h:315 [inline] BUG: KASAN: use-after-free in refcountdecandtest include/linux/refcount.h:333 [inline] BUG: KASAN: use-after-free in putdev drivers/usb/gadget/legacy/inode.c:159 [inline] BUG: KASAN: use-after-free in gadgetfskillsb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 Write of size 4 at addr ffff8880276d7840 by task syz-executor126/18689

CPU: 0 PID: 18689 Comm: syz-executor126 Not tainted 6.1.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <TASK> ... atomicfetchsubrelease include/linux/atomic/atomic-instrumented.h:176 [inline] _refcountsubandtest include/linux/refcount.h:272 [inline] _refcountdecandtest include/linux/refcount.h:315 [inline] refcountdecandtest include/linux/refcount.h:333 [inline] putdev drivers/usb/gadget/legacy/inode.c:159 [inline] gadgetfskillsb+0x33/0x100 drivers/usb/gadget/legacy/inode.c:2086 deactivatelockedsuper+0xa7/0xf0 fs/super.c:332 vfsgetsuper fs/super.c:1190 [inline] gettreesingle+0xd0/0x160 fs/super.c:1207 vfsgettree+0x88/0x270 fs/super.c:1531 vfsfsconfig_locked fs/fsopen.c:232 [inline]

The simplest solution is to ensure that gadgetfsfillsuper() and gadgetfskillsb() are serialized by making them both acquire a new mutex.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e5d82a7360d124ae1a38c2a5eac92ba49b125191

Fixed

9a39f4626b361ee7aa10fd990401c37ec3b466ae

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e5d82a7360d124ae1a38c2a5eac92ba49b125191

Fixed

856e4b5e53f21edbd15d275dde62228dd94fb2b4

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e5d82a7360d124ae1a38c2a5eac92ba49b125191

Fixed

a2e075f40122d8daf587db126c562a67abd69cf9

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e5d82a7360d124ae1a38c2a5eac92ba49b125191

Fixed

616fd34d017000ecf9097368b13d8a266f4920b3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e5d82a7360d124ae1a38c2a5eac92ba49b125191

Fixed

d18dcfe9860e842f394e37ba01ca9440ab2178f4

Affected versions

v5.*

v5.10

v5.10-rc1

v5.10-rc2

v5.10-rc3

v5.10-rc4

v5.10-rc5

v5.10-rc6

v5.10-rc7

v5.10.1

v5.10.10

v5.10.100

v5.10.101

v5.10.102

v5.10.103

v5.10.104

v5.10.105

v5.10.106

v5.10.107

v5.10.108

v5.10.109

v5.10.11

v5.10.110

v5.10.111

v5.10.112

v5.10.113

v5.10.114

v5.10.115

v5.10.116

v5.10.117

v5.10.118

v5.10.119

v5.10.12

v5.10.120

v5.10.121

v5.10.122

v5.10.123

v5.10.124

v5.10.125

v5.10.126

v5.10.127

v5.10.128

v5.10.129

v5.10.13

v5.10.130

v5.10.131

v5.10.132

v5.10.133

v5.10.134

v5.10.135

v5.10.136

v5.10.137

v5.10.138

v5.10.139

v5.10.14

v5.10.140

v5.10.141

v5.10.142

v5.10.143

v5.10.144

v5.10.145

v5.10.146

v5.10.147

v5.10.148

v5.10.149

v5.10.15

v5.10.150

v5.10.151

v5.10.152

v5.10.153

v5.10.154

v5.10.155

v5.10.156

v5.10.157

v5.10.158

v5.10.159

v5.10.16

v5.10.160

v5.10.161

v5.10.162

v5.10.163

v5.10.164

v5.10.17

v5.10.18

v5.10.19

v5.10.2

v5.10.20

v5.10.21

v5.10.22

v5.10.23

v5.10.24

v5.10.25

v5.10.26

v5.10.27

v5.10.28

v5.10.29

v5.10.3

v5.10.30

v5.10.31

v5.10.32

v5.10.33

v5.10.34

v5.10.35

v5.10.36

v5.10.37

v5.10.38

v5.10.39

v5.10.4

v5.10.40

v5.10.41

v5.10.42

v5.10.43

v5.10.44

v5.10.45

v5.10.46

v5.10.47

v5.10.48

v5.10.49

v5.10.5

v5.10.50

v5.10.51

v5.10.52

v5.10.53

v5.10.54

v5.10.55

v5.10.56

v5.10.57

v5.10.58

v5.10.59

v5.10.6

v5.10.60

v5.10.61

v5.10.62

v5.10.63

v5.10.64

v5.10.65

v5.10.66

v5.10.67

v5.10.68

v5.10.69

v5.10.7

v5.10.70

v5.10.71

v5.10.72

v5.10.73

v5.10.74

v5.10.75

v5.10.76

v5.10.77

v5.10.78

v5.10.79

v5.10.8

v5.10.80

v5.10.81

v5.10.82

v5.10.83

v5.10.84

v5.10.85

v5.10.86

v5.10.87

v5.10.88

v5.10.89

v5.10.9

v5.10.90

v5.10.91

v5.10.92

v5.10.93

v5.10.94

v5.10.95

v5.10.96

v5.10.97

v5.10.98

v5.10.99

v5.11

v5.11-rc1

v5.11-rc2

v5.11-rc3

v5.11-rc4

v5.11-rc5

v5.11-rc6

v5.11-rc7

v5.12

v5.12-rc1

v5.12-rc1-dontuse

v5.12-rc2

v5.12-rc3

v5.12-rc4

v5.12-rc5

v5.12-rc6

v5.12-rc7

v5.12-rc8

v5.13

v5.13-rc1

v5.13-rc2

v5.13-rc3

v5.13-rc4

v5.13-rc5

v5.13-rc6

v5.13-rc7

v5.14

v5.14-rc1

v5.14-rc2

v5.14-rc3

v5.14-rc4

v5.14-rc5

v5.14-rc6

v5.14-rc7

v5.15

v5.15-rc1

v5.15-rc2

v5.15-rc3

v5.15-rc4

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.15.1

v5.15.10

v5.15.11

v5.15.12

v5.15.13

v5.15.14

v5.15.15

v5.15.16

v5.15.17

v5.15.18

v5.15.19

v5.15.2

v5.15.20

v5.15.21

v5.15.22

v5.15.23

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.3

v5.15.30

v5.15.31

v5.15.32

v5.15.33

v5.15.34

v5.15.35

v5.15.36

v5.15.37

v5.15.38

v5.15.39

v5.15.4

v5.15.40

v5.15.41

v5.15.42

v5.15.43

v5.15.44

v5.15.45

v5.15.46

v5.15.47

v5.15.48

v5.15.49

v5.15.5

v5.15.50

v5.15.51

v5.15.52

v5.15.53

v5.15.54

v5.15.55

v5.15.56

v5.15.57

v5.15.58

v5.15.59

v5.15.6

v5.15.60

v5.15.61

v5.15.62

v5.15.63

v5.15.64

v5.15.65

v5.15.66

v5.15.67

v5.15.68

v5.15.69

v5.15.7

v5.15.70

v5.15.71

v5.15.72

v5.15.73

v5.15.74

v5.15.75

v5.15.76

v5.15.77

v5.15.78

v5.15.79

v5.15.8

v5.15.80

v5.15.81

v5.15.82

v5.15.83

v5.15.84

v5.15.85

v5.15.86

v5.15.87

v5.15.88

v5.15.89

v5.15.9

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.2

v5.2-rc2

v5.2-rc3

v5.2-rc4

v5.2-rc5

v5.2-rc6

v5.2-rc7

v5.3

v5.3-rc1

v5.3-rc2

v5.3-rc3

v5.3-rc4

v5.3-rc5

v5.3-rc6

v5.3-rc7

v5.3-rc8

v5.4

v5.4-rc1

v5.4-rc2

v5.4-rc3

v5.4-rc4

v5.4-rc5

v5.4-rc6

v5.4-rc7

v5.4-rc8

v5.4.1

v5.4.10

v5.4.100

v5.4.101

v5.4.102

v5.4.103

v5.4.104

v5.4.105

v5.4.106

v5.4.107

v5.4.108

v5.4.109

v5.4.11

v5.4.110

v5.4.111

v5.4.112

v5.4.113

v5.4.114

v5.4.115

v5.4.116

v5.4.117

v5.4.118

v5.4.119

v5.4.12

v5.4.120

v5.4.121

v5.4.122

v5.4.123

v5.4.124

v5.4.125

v5.4.126

v5.4.127

v5.4.128

v5.4.129

v5.4.13

v5.4.130

v5.4.131

v5.4.132

v5.4.133

v5.4.134

v5.4.135

v5.4.136

v5.4.137

v5.4.138

v5.4.139

v5.4.14

v5.4.140

v5.4.141

v5.4.142

v5.4.143

v5.4.144

v5.4.145

v5.4.146

v5.4.147

v5.4.148

v5.4.149

v5.4.15

v5.4.150

v5.4.151

v5.4.152

v5.4.153

v5.4.154

v5.4.155

v5.4.156

v5.4.157

v5.4.158

v5.4.159

v5.4.16

v5.4.160

v5.4.161

v5.4.162

v5.4.163

v5.4.164

v5.4.165

v5.4.166

v5.4.167

v5.4.168

v5.4.169

v5.4.17

v5.4.170

v5.4.171

v5.4.172

v5.4.173

v5.4.174

v5.4.175

v5.4.176

v5.4.177

v5.4.178

v5.4.179

v5.4.18

v5.4.180

v5.4.181

v5.4.182

v5.4.183

v5.4.184

v5.4.185

v5.4.186

v5.4.187

v5.4.188

v5.4.189

v5.4.19

v5.4.190

v5.4.191

v5.4.192

v5.4.193

v5.4.194

v5.4.195

v5.4.196

v5.4.197

v5.4.198

v5.4.199

v5.4.2

v5.4.20

v5.4.200

v5.4.201

v5.4.202

v5.4.203

v5.4.204

v5.4.205

v5.4.206

v5.4.207

v5.4.208

v5.4.209

v5.4.21

v5.4.210

v5.4.211

v5.4.212

v5.4.213

v5.4.214

v5.4.215

v5.4.216

v5.4.217

v5.4.218

v5.4.219

v5.4.22

v5.4.220

v5.4.221

v5.4.222

v5.4.223

v5.4.224

v5.4.225

v5.4.226

v5.4.227

v5.4.228

v5.4.229

v5.4.23

v5.4.24

v5.4.25

v5.4.26

v5.4.27

v5.4.28

v5.4.29

v5.4.3

v5.4.30

v5.4.31

v5.4.32

v5.4.33

v5.4.34

v5.4.35

v5.4.36

v5.4.37

v5.4.38

v5.4.39

v5.4.4

v5.4.40

v5.4.41

v5.4.42

v5.4.43

v5.4.44

v5.4.45

v5.4.46

v5.4.47

v5.4.48

v5.4.49

v5.4.5

v5.4.50

v5.4.51

v5.4.52

v5.4.53

v5.4.54

v5.4.55

v5.4.56

v5.4.57

v5.4.58

v5.4.59

v5.4.6

v5.4.60

v5.4.61

v5.4.62

v5.4.63

v5.4.64

v5.4.65

v5.4.66

v5.4.67

v5.4.68

v5.4.69

v5.4.7

v5.4.70

v5.4.71

v5.4.72

v5.4.73

v5.4.74

v5.4.75

v5.4.76

v5.4.77

v5.4.78

v5.4.79

v5.4.8

v5.4.80

v5.4.81

v5.4.82

v5.4.83

v5.4.84

v5.4.85

v5.4.86

v5.4.87

v5.4.88

v5.4.89

v5.4.9

v5.4.90

v5.4.91

v5.4.92

v5.4.93

v5.4.94

v5.4.95

v5.4.96

v5.4.97

v5.4.98

v5.4.99

v5.5

v5.5-rc1

v5.5-rc2

v5.5-rc3

v5.5-rc4

v5.5-rc5

v5.5-rc6

v5.5-rc7

v5.6

v5.6-rc1

v5.6-rc2

v5.6-rc3

v5.6-rc4

v5.6-rc5

v5.6-rc6

v5.6-rc7

v5.7

v5.7-rc1

v5.7-rc2

v5.7-rc3

v5.7-rc4

v5.7-rc5

v5.7-rc6

v5.7-rc7

v5.8

v5.8-rc1

v5.8-rc2

v5.8-rc3

v5.8-rc4

v5.8-rc5

v5.8-rc6

v5.8-rc7

v5.9

v5.9-rc1

v5.9-rc2

v5.9-rc3

v5.9-rc4

v5.9-rc5

v5.9-rc6

v5.9-rc7

v5.9-rc8

v6.*

v6.0

v6.0-rc1

v6.0-rc2

v6.0-rc3

v6.0-rc4

v6.0-rc5

v6.0-rc6

v6.0-rc7

v6.1

v6.1-rc1

v6.1-rc2

v6.1-rc3

v6.1-rc4

v6.1-rc5

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.5

v6.1.6

v6.1.7

v6.2-rc1

v6.2-rc2

v6.2-rc3

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@856e4b5e53f21edbd15d275dde62228dd94fb2b4",
        "deprecated": false,
        "id": "CVE-2022-48869-15ff0b2e",
        "target": {
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319016622104717691240260762194714114768",
                "145624367918057090888772898972911312677",
                "42934299262577301497999002545631070766",
                "311115516235869746598768783470185964864",
                "62612838390161606628331423567325199913",
                "106965614529793010733827116665208757908",
                "248067040553938649662272195105991666672",
                "124641317613074232081616494598772661870",
                "109029593993900050315827146410361922848",
                "115979938823365661981246917447210444120",
                "263409701060727488878928848301676756800",
                "127167902680938130089704987417323900843",
                "35798107804289334869739489558767613870",
                "300296138122451860665871854437912071047",
                "273066587740121716224663919080742237942",
                "313172731749546116233024783996271105555",
                "263302601883714181530250903569338344262",
                "166959206480619761475872146936996578300",
                "177184916518962144902503128175611773280",
                "182667270227829844050451682868124439085",
                "123915289714757191724724415088604288326",
                "243996035942590182725284243301620455892",
                "336141026098492228863727976457026285334",
                "255882022987547831046651319060942129896",
                "254151612712819672968962828773991001421",
                "258336296653745149651613791145659090899",
                "174323512481366994223866627140747169845",
                "320430907198054302821861319764766285229",
                "242606187861288711406510596516110986823"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d18dcfe9860e842f394e37ba01ca9440ab2178f4",
        "deprecated": false,
        "id": "CVE-2022-48869-1e0e67fa",
        "target": {
            "function": "gadgetfs_fill_super",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "129916587359030506176131706548309507989",
            "length": 872.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@856e4b5e53f21edbd15d275dde62228dd94fb2b4",
        "deprecated": false,
        "id": "CVE-2022-48869-606a68dc",
        "target": {
            "function": "gadgetfs_fill_super",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "129916587359030506176131706548309507989",
            "length": 872.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2e075f40122d8daf587db126c562a67abd69cf9",
        "deprecated": false,
        "id": "CVE-2022-48869-6170eaa0",
        "target": {
            "function": "gadgetfs_fill_super",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "129916587359030506176131706548309507989",
            "length": 872.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a39f4626b361ee7aa10fd990401c37ec3b466ae",
        "deprecated": false,
        "id": "CVE-2022-48869-75e37448",
        "target": {
            "function": "gadgetfs_kill_sb",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "225553665469934127408815302827329441806",
            "length": 166.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d18dcfe9860e842f394e37ba01ca9440ab2178f4",
        "deprecated": false,
        "id": "CVE-2022-48869-79336674",
        "target": {
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319016622104717691240260762194714114768",
                "145624367918057090888772898972911312677",
                "42934299262577301497999002545631070766",
                "311115516235869746598768783470185964864",
                "62612838390161606628331423567325199913",
                "106965614529793010733827116665208757908",
                "248067040553938649662272195105991666672",
                "124641317613074232081616494598772661870",
                "109029593993900050315827146410361922848",
                "115979938823365661981246917447210444120",
                "263409701060727488878928848301676756800",
                "127167902680938130089704987417323900843",
                "35798107804289334869739489558767613870",
                "300296138122451860665871854437912071047",
                "273066587740121716224663919080742237942",
                "313172731749546116233024783996271105555",
                "263302601883714181530250903569338344262",
                "166959206480619761475872146936996578300",
                "177184916518962144902503128175611773280",
                "182667270227829844050451682868124439085",
                "123915289714757191724724415088604288326",
                "243996035942590182725284243301620455892",
                "336141026098492228863727976457026285334",
                "255882022987547831046651319060942129896",
                "254151612712819672968962828773991001421",
                "258336296653745149651613791145659090899",
                "174323512481366994223866627140747169845",
                "320430907198054302821861319764766285229",
                "242606187861288711406510596516110986823"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@616fd34d017000ecf9097368b13d8a266f4920b3",
        "deprecated": false,
        "id": "CVE-2022-48869-83742ad8",
        "target": {
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319016622104717691240260762194714114768",
                "145624367918057090888772898972911312677",
                "42934299262577301497999002545631070766",
                "311115516235869746598768783470185964864",
                "62612838390161606628331423567325199913",
                "106965614529793010733827116665208757908",
                "248067040553938649662272195105991666672",
                "124641317613074232081616494598772661870",
                "109029593993900050315827146410361922848",
                "115979938823365661981246917447210444120",
                "263409701060727488878928848301676756800",
                "127167902680938130089704987417323900843",
                "35798107804289334869739489558767613870",
                "300296138122451860665871854437912071047",
                "273066587740121716224663919080742237942",
                "313172731749546116233024783996271105555",
                "263302601883714181530250903569338344262",
                "166959206480619761475872146936996578300",
                "177184916518962144902503128175611773280",
                "182667270227829844050451682868124439085",
                "123915289714757191724724415088604288326",
                "243996035942590182725284243301620455892",
                "336141026098492228863727976457026285334",
                "255882022987547831046651319060942129896",
                "254151612712819672968962828773991001421",
                "258336296653745149651613791145659090899",
                "174323512481366994223866627140747169845",
                "320430907198054302821861319764766285229",
                "242606187861288711406510596516110986823"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@616fd34d017000ecf9097368b13d8a266f4920b3",
        "deprecated": false,
        "id": "CVE-2022-48869-87d4c13f",
        "target": {
            "function": "gadgetfs_kill_sb",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "225553665469934127408815302827329441806",
            "length": 166.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2e075f40122d8daf587db126c562a67abd69cf9",
        "deprecated": false,
        "id": "CVE-2022-48869-8995a5fb",
        "target": {
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319016622104717691240260762194714114768",
                "145624367918057090888772898972911312677",
                "42934299262577301497999002545631070766",
                "311115516235869746598768783470185964864",
                "62612838390161606628331423567325199913",
                "106965614529793010733827116665208757908",
                "248067040553938649662272195105991666672",
                "124641317613074232081616494598772661870",
                "109029593993900050315827146410361922848",
                "115979938823365661981246917447210444120",
                "263409701060727488878928848301676756800",
                "127167902680938130089704987417323900843",
                "35798107804289334869739489558767613870",
                "300296138122451860665871854437912071047",
                "273066587740121716224663919080742237942",
                "313172731749546116233024783996271105555",
                "263302601883714181530250903569338344262",
                "166959206480619761475872146936996578300",
                "177184916518962144902503128175611773280",
                "182667270227829844050451682868124439085",
                "123915289714757191724724415088604288326",
                "243996035942590182725284243301620455892",
                "336141026098492228863727976457026285334",
                "255882022987547831046651319060942129896",
                "254151612712819672968962828773991001421",
                "258336296653745149651613791145659090899",
                "174323512481366994223866627140747169845",
                "320430907198054302821861319764766285229",
                "242606187861288711406510596516110986823"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a2e075f40122d8daf587db126c562a67abd69cf9",
        "deprecated": false,
        "id": "CVE-2022-48869-8e5affb7",
        "target": {
            "function": "gadgetfs_kill_sb",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "225553665469934127408815302827329441806",
            "length": 166.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@856e4b5e53f21edbd15d275dde62228dd94fb2b4",
        "deprecated": false,
        "id": "CVE-2022-48869-927ab377",
        "target": {
            "function": "gadgetfs_kill_sb",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "225553665469934127408815302827329441806",
            "length": 166.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a39f4626b361ee7aa10fd990401c37ec3b466ae",
        "deprecated": false,
        "id": "CVE-2022-48869-bcd9e79f",
        "target": {
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319016622104717691240260762194714114768",
                "145624367918057090888772898972911312677",
                "42934299262577301497999002545631070766",
                "311115516235869746598768783470185964864",
                "62612838390161606628331423567325199913",
                "106965614529793010733827116665208757908",
                "248067040553938649662272195105991666672",
                "124641317613074232081616494598772661870",
                "109029593993900050315827146410361922848",
                "115979938823365661981246917447210444120",
                "263409701060727488878928848301676756800",
                "127167902680938130089704987417323900843",
                "35798107804289334869739489558767613870",
                "300296138122451860665871854437912071047",
                "273066587740121716224663919080742237942",
                "313172731749546116233024783996271105555",
                "263302601883714181530250903569338344262",
                "166959206480619761475872146936996578300",
                "177184916518962144902503128175611773280",
                "182667270227829844050451682868124439085",
                "123915289714757191724724415088604288326",
                "243996035942590182725284243301620455892",
                "336141026098492228863727976457026285334",
                "255882022987547831046651319060942129896",
                "254151612712819672968962828773991001421",
                "258336296653745149651613791145659090899",
                "174323512481366994223866627140747169845",
                "320430907198054302821861319764766285229",
                "242606187861288711406510596516110986823"
            ]
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d18dcfe9860e842f394e37ba01ca9440ab2178f4",
        "deprecated": false,
        "id": "CVE-2022-48869-dd23bbee",
        "target": {
            "function": "gadgetfs_kill_sb",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "225553665469934127408815302827329441806",
            "length": 166.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9a39f4626b361ee7aa10fd990401c37ec3b466ae",
        "deprecated": false,
        "id": "CVE-2022-48869-dd757c29",
        "target": {
            "function": "gadgetfs_fill_super",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "129916587359030506176131706548309507989",
            "length": 872.0
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@616fd34d017000ecf9097368b13d8a266f4920b3",
        "deprecated": false,
        "id": "CVE-2022-48869-f6a475dd",
        "target": {
            "function": "gadgetfs_fill_super",
            "file": "drivers/usb/gadget/legacy/inode.c"
        },
        "digest": {
            "function_hash": "129916587359030506176131706548309507989",
            "length": 872.0
        },
        "signature_type": "Function"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.4.230

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.165

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.90

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.8