{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-49686","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-02-26T02:21:30.441Z","datePublished":"2025-02-26T02:24:12.624Z","dateUpdated":"2025-05-04T08:43:18.743Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:43:18.743Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: fix list double add in uvcg_video_pump\n\nA panic can occur if the endpoint becomes disabled and the\nuvcg_video_pump adds the request back to the req_free list after it has\nalready been queued to the endpoint. The endpoint complete will add the\nrequest back to the req_free list. Invalidate the local request handle\nonce it's been queued.\n\n<6>[  246.796704][T13726] configfs-gadget gadget: uvc: uvc_function_set_alt(1, 0)\n<3>[  246.797078][   T26] list_add double add: new=ffffff878bee5c40, prev=ffffff878bee5c40, next=ffffff878b0f0a90.\n<6>[  246.797213][   T26] ------------[ cut here ]------------\n<2>[  246.797224][   T26] kernel BUG at lib/list_debug.c:31!\n<6>[  246.807073][   T26] Call trace:\n<6>[  246.807180][   T26]  uvcg_video_pump+0x364/0x38c\n<6>[  246.807366][   T26]  process_one_work+0x2a4/0x544\n<6>[  246.807394][   T26]  worker_thread+0x350/0x784\n<6>[  246.807442][   T26]  kthread+0x2ac/0x320"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/uvc_video.c"],"versions":[{"version":"f9897ec0f6d34e8b2bc2f4c8ab8789351090f3d2","lessThan":"d95ac8b920de1d39525fadc408ce675697626ca6","status":"affected","versionType":"git"},{"version":"f9897ec0f6d34e8b2bc2f4c8ab8789351090f3d2","lessThan":"96163f835e65f8c9897487fac965819f0651d671","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/function/uvc_video.c"],"versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","status":"unaffected","versionType":"semver"},{"version":"5.18.8","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d95ac8b920de1d39525fadc408ce675697626ca6"},{"url":"https://git.kernel.org/stable/c/96163f835e65f8c9897487fac965819f0651d671"}],"title":"usb: gadget: uvc: fix list double add in uvcg_video_pump","x_generator":{"engine":"bippy-1.2.0"}}}}