U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2022-49389 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving usb_put_dev() to sdev_free error path handling. Find this by code review.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/11c65408bd0ba1d9cd1307caa38169292de9cdfb Patch 
https://git.kernel.org/stable/c/247d3809e45a34d9e1a3a2bb7012e31ed8b46031 Patch 
https://git.kernel.org/stable/c/2f0ae93ec33c8456cdfbf7876b80403a6318ebce Patch 
https://git.kernel.org/stable/c/51422046be504515eb5a591adf0f424b62f46804 Patch 
https://git.kernel.org/stable/c/6bafee2f18af5e5ac125e42960bc65496d0e56a0 Patch 
https://git.kernel.org/stable/c/8afb048800919d0ab10c57983940eba956339f21 Patch 
https://git.kernel.org/stable/c/9ec4cbf1cc55d126759051acfe328d489c5d6e60 Patch 
https://git.kernel.org/stable/c/bcbb795a9e78180d74c6ab21518da87e803dfdce Patch 
https://git.kernel.org/stable/c/f20d2d3b3364ce6525c050a8b6b4c54c8c19674d Patch 

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-49389
NVD Published Date:
02/26/2025
NVD Last Modified:
04/17/2025
Source:
kernel.org