CVE-2022-49299

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc2: gadget: dont reset gadgets driver->bus

UDC driver should not touch gadgets driver internals, especially it should not reset driver->bus. This wasnt harmful so far, but since commit fc274c1e9973 (USB: gadget: Add a new bus for gadgets) gadget subsystem got its own bus and messing with ->bus triggers the following NULL pointer dereference:

dwc2 12480000.hsotg: bound driver g_ether 8<— cut here — Unable to handle kernel NULL pointer dereference at virtual address 00000000 [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP ARM Modules linked in: … CPU: 0 PID: 620 Comm: modprobe Not tainted 5.18.0-rc5-next-20220504 #11862 Hardware name: Samsung Exynos (Flattened Device Tree) PC is at module_add_driver+0x44/0xe8 LR is at sysfs_do_create_link_sd+0x84/0xe0 … Process modprobe (pid: 620, stack limit = 0x(ptrval)) … module_add_driver from bus_add_driver+0xf4/0x1e4 bus_add_driver from driver_register+0x78/0x10c driver_register from usb_gadget_register_driver_owner+0x40/0xb4 usb_gadget_register_driver_owner from do_one_initcall+0x44/0x1e0 do_one_initcall from do_init_module+0x44/0x1c8 do_init_module from load_module+0x19b8/0x1b9c load_module from sys_finit_module+0xdc/0xfc sys_finit_module from ret_fast_syscall+0x0/0x54 Exception stack(0xf1771fa8 to 0xf1771ff0) … dwc2 12480000.hsotg: new device is high-speed —[ end trace 0000000000000000 ]—

Fix this by removing driver->bus entry reset.

Affected Software

References

• https://git.kernel.org/stable/c/172cfc167c8ee6238f24f9c16efd598602af643c
• https://git.kernel.org/stable/c/3120aac6d0ecd9accf56894aeac0e265f74d3d5a
• https://git.kernel.org/stable/c/5127c0f365265bb69cd776ad6e4b872c309f3fa8
• https://git.kernel.org/stable/c/547ebdc200b862dff761ff4890f66d8217c33316
• https://git.kernel.org/stable/c/5b0c0298f7c3b57417f1729ec4071f76864b72dd
• https://git.kernel.org/stable/c/bee8f9808a7e82addfc73a0973b16a8bb684205b
• https://git.kernel.org/stable/c/d2159feb9d28ce496d77df98313ab454646372ac
• https://git.kernel.org/stable/c/d232ca0bbc7d03144bad0ffd1792c3352bfd03fa
• https://git.kernel.org/stable/c/efb15ff4a77fe053c941281775fefa91c87770e0