{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-49936","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-05-01T14:05:17.255Z","datePublished":"2025-06-18T10:54:37.889Z","dateUpdated":"2026-05-11T19:09:33.668Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:09:33.668Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt.  That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits ->remove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best.  However, the bug report points out that the USB\ncore does not have any protection against nested resets.  Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/core/hub.c","include/linux/usb.h"],"versions":[{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"d90419b8b8322b6924f6da9da952647f2dadc21b","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"1b29498669914c7f9afb619722421418a753d372","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"cc9a12e12808af178c600cc485338bac2e37d2a8","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"df1875084898b15cbc42f712e93d7f113ae6271b","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"c548b99e1c37db6f7df86ecfe9a1f895d6c5966e","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"d5eb850b3e8836197a38475840725260b9783e94","status":"affected","versionType":"git"},{"version":"78d9a487ee961c356e1a934d9a92eca38ffb3a70","lessThan":"9c6d778800b921bde3bff3cff5003d1650f942d1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/core/hub.c","include/linux/usb.h"],"versions":[{"version":"2.6.27","status":"affected"},{"version":"0","lessThan":"2.6.27","status":"unaffected","versionType":"semver"},{"version":"4.9.328","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.293","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.258","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.213","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.142","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.66","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19.8","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"4.9.328"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"4.14.293"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"4.19.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.4.213"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.10.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.15.66"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.19.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b"},{"url":"https://git.kernel.org/stable/c/1b29498669914c7f9afb619722421418a753d372"},{"url":"https://git.kernel.org/stable/c/cc9a12e12808af178c600cc485338bac2e37d2a8"},{"url":"https://git.kernel.org/stable/c/df1875084898b15cbc42f712e93d7f113ae6271b"},{"url":"https://git.kernel.org/stable/c/abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8"},{"url":"https://git.kernel.org/stable/c/c548b99e1c37db6f7df86ecfe9a1f895d6c5966e"},{"url":"https://git.kernel.org/stable/c/d5eb850b3e8836197a38475840725260b9783e94"},{"url":"https://git.kernel.org/stable/c/9c6d778800b921bde3bff3cff5003d1650f942d1"}],"title":"USB: core: Prevent nested device-reset calls","x_generator":{"engine":"bippy-1.2.0"}}}}