CVE-2022-49501
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-49501
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49501.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49501
- Downstream
- Related
- Published
- 2025-02-26T02:13:34Z
- Modified
- 2025-10-21T10:24:09.832636Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- usbnet: Run unregister_netdev() before unbind() again
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usbnet: Run unregister_netdev() before unbind() again
Commit 2c9d6c2b871d ("usbnet: run unbind() before unregister_netdev()") sought to fix a use-after-free on disconnect of USB Ethernet adapters.
It turns out that a different fix is necessary to address the issue: https://lore.kernel.org/netdev/18b3541e5372bc9b9fc733d422f4e698c089077c.1650177997.git.lukas@wunner.de/
So the commit was not necessary.
The commit made binding and unbinding of USB Ethernet asymmetrical: Before, usbnetprobe() first invoked the ->bind() callback and then registernetdev(). usbnetdisconnect() mirrored that by first invoking unregisternetdev() and then ->unbind().
Since the commit, the order in usbnetdisconnect() is reversed and no longer mirrors usbnetprobe().
One consequence is that a PHY disconnected (and stopped) in ->unbind() is afterwards stopped once more by unregister_netdev() as it closes the netdev before unregistering. That necessitates a contortion in ->stop() because the PHY may only be stopped if it hasn't already been disconnected.
Reverting the commit allows making the call to phy_stop() unconditional in ->stop().
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/6d5deb242874d924beccf7eb3cef04c1c3b0da79
- https://git.kernel.org/stable/c/969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509
- https://git.kernel.org/stable/c/d1408f6b4dd78fb1b9e26bcf64477984e5f85409
- https://git.kernel.org/stable/c/fbda837107f9bd4ec658d2aa88c6856dba606f06
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2c9d6c2b871d5841ce26ede3e81fd37e2e33c42cFixed6d5deb242874d924beccf7eb3cef04c1c3b0da79
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2c9d6c2b871d5841ce26ede3e81fd37e2e33c42cFixedfbda837107f9bd4ec658d2aa88c6856dba606f06
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2c9d6c2b871d5841ce26ede3e81fd37e2e33c42cFixed969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced2c9d6c2b871d5841ce26ede3e81fd37e2e33c42cFixedd1408f6b4dd78fb1b9e26bcf64477984e5f85409
Affected versions
v5.*
v5.13
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.34
v5.15.35
v5.15.36
v5.15.37
v5.15.38
v5.15.39
v5.15.4
v5.15.40
v5.15.41
v5.15.42
v5.15.43
v5.15.44
v5.15.45
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.10
v5.17.11
v5.17.12
v5.17.13
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.8
v5.17.9
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170057258613220716702373547708536813494",
"271314267269201534305489404987541420815",
"118600796398529504752439865407223491854",
"9999554252423290412818628149584697171",
"226026277365593403851747302995307606398"
]
},
"target": {
"file": "drivers/net/usb/asix_devices.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-04d4a07f",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "166930875918606024414003635465286742461",
"length": 164.0
},
"target": {
"file": "drivers/net/usb/asix_devices.c",
"function": "ax88772_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-05cd393d",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "227876210093560191274488275253773436092",
"length": 699.0
},
"target": {
"file": "drivers/net/usb/usbnet.c",
"function": "usbnet_disconnect"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-0ade05e7",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70453213244394071570374789333836222534",
"317670919788533834578438804544883451566",
"35514086021556363257714056862438832112",
"96166010300964172434856443175939128508",
"61817170211674713633704218920687820374",
"105110885898732196534562533225168790319",
"277559186045006119038585210517200779897",
"293179948289102258615371980642442101006"
]
},
"target": {
"file": "drivers/net/usb/usbnet.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-12120530",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"335182359108917303813864271393178474594",
"283252544958978339477123418430509619517",
"61140217110882305165308325785795969488",
"32907243660098870510648350709953648571",
"109281285245730344514382850540505787843"
]
},
"target": {
"file": "drivers/net/usb/smsc95xx.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-1681825e",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "261891384678058654171191767275858705886",
"length": 122.0
},
"target": {
"file": "drivers/net/usb/smsc95xx.c",
"function": "smsc95xx_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-1bd766e1",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70453213244394071570374789333836222534",
"317670919788533834578438804544883451566",
"35514086021556363257714056862438832112",
"96166010300964172434856443175939128508",
"61817170211674713633704218920687820374",
"105110885898732196534562533225168790319",
"277559186045006119038585210517200779897",
"293179948289102258615371980642442101006"
]
},
"target": {
"file": "drivers/net/usb/usbnet.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-205dbaa2",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "227876210093560191274488275253773436092",
"length": 699.0
},
"target": {
"file": "drivers/net/usb/usbnet.c",
"function": "usbnet_disconnect"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-366b3e14",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170057258613220716702373547708536813494",
"271314267269201534305489404987541420815",
"118600796398529504752439865407223491854",
"9999554252423290412818628149584697171",
"226026277365593403851747302995307606398"
]
},
"target": {
"file": "drivers/net/usb/asix_devices.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-374dd47c",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "166930875918606024414003635465286742461",
"length": 164.0
},
"target": {
"file": "drivers/net/usb/asix_devices.c",
"function": "ax88772_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-3973c482",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"335182359108917303813864271393178474594",
"283252544958978339477123418430509619517",
"61140217110882305165308325785795969488",
"32907243660098870510648350709953648571",
"109281285245730344514382850540505787843"
]
},
"target": {
"file": "drivers/net/usb/smsc95xx.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-3c664835",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "261891384678058654171191767275858705886",
"length": 122.0
},
"target": {
"file": "drivers/net/usb/smsc95xx.c",
"function": "smsc95xx_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-44cf795b",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "261891384678058654171191767275858705886",
"length": 122.0
},
"target": {
"file": "drivers/net/usb/smsc95xx.c",
"function": "smsc95xx_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-50aeb25f",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70453213244394071570374789333836222534",
"317670919788533834578438804544883451566",
"35514086021556363257714056862438832112",
"96166010300964172434856443175939128508",
"61817170211674713633704218920687820374",
"105110885898732196534562533225168790319",
"277559186045006119038585210517200779897",
"293179948289102258615371980642442101006"
]
},
"target": {
"file": "drivers/net/usb/usbnet.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-58a78cb3",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "166930875918606024414003635465286742461",
"length": 164.0
},
"target": {
"file": "drivers/net/usb/asix_devices.c",
"function": "ax88772_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-612188d5",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "261891384678058654171191767275858705886",
"length": 122.0
},
"target": {
"file": "drivers/net/usb/smsc95xx.c",
"function": "smsc95xx_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-674e7e6d",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170057258613220716702373547708536813494",
"271314267269201534305489404987541420815",
"118600796398529504752439865407223491854",
"9999554252423290412818628149584697171",
"226026277365593403851747302995307606398"
]
},
"target": {
"file": "drivers/net/usb/asix_devices.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-a4b38229",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"70453213244394071570374789333836222534",
"317670919788533834578438804544883451566",
"35514086021556363257714056862438832112",
"96166010300964172434856443175939128508",
"61817170211674713633704218920687820374",
"105110885898732196534562533225168790319",
"277559186045006119038585210517200779897",
"293179948289102258615371980642442101006"
]
},
"target": {
"file": "drivers/net/usb/usbnet.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-a92eec37",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "227876210093560191274488275253773436092",
"length": 699.0
},
"target": {
"file": "drivers/net/usb/usbnet.c",
"function": "usbnet_disconnect"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-ad48ca0b",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "166930875918606024414003635465286742461",
"length": 164.0
},
"target": {
"file": "drivers/net/usb/asix_devices.c",
"function": "ax88772_stop"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@969a1b3ea3cb7d58a16fe12fd1b04bfc0ea40509",
"id": "CVE-2022-49501-ba1d102e",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"170057258613220716702373547708536813494",
"271314267269201534305489404987541420815",
"118600796398529504752439865407223491854",
"9999554252423290412818628149584697171",
"226026277365593403851747302995307606398"
]
},
"target": {
"file": "drivers/net/usb/asix_devices.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d1408f6b4dd78fb1b9e26bcf64477984e5f85409",
"id": "CVE-2022-49501-c7e0a0ef",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "227876210093560191274488275253773436092",
"length": 699.0
},
"target": {
"file": "drivers/net/usb/usbnet.c",
"function": "usbnet_disconnect"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-d7e9b144",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"335182359108917303813864271393178474594",
"283252544958978339477123418430509619517",
"61140217110882305165308325785795969488",
"32907243660098870510648350709953648571",
"109281285245730344514382850540505787843"
]
},
"target": {
"file": "drivers/net/usb/smsc95xx.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fbda837107f9bd4ec658d2aa88c6856dba606f06",
"id": "CVE-2022-49501-de204cb5",
"deprecated": false,
"signature_version": "v1"
},
{
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"335182359108917303813864271393178474594",
"283252544958978339477123418430509619517",
"61140217110882305165308325785795969488",
"32907243660098870510648350709953648571",
"109281285245730344514382850540505787843"
]
},
"target": {
"file": "drivers/net/usb/smsc95xx.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d5deb242874d924beccf7eb3cef04c1c3b0da79",
"id": "CVE-2022-49501-f7b9b1b6",
"deprecated": false,
"signature_version": "v1"
}
]