CVE-2022-49937

一、漏洞信息
 漏洞编号：[CVE-2022-49937](https://nvd.nist.gov/vuln/detail/CVE-2022-49937)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：N/A None
  Vector：CVSS：3.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:media: mceusb: Use new usb_control_msg_*() routinesAutomatic kernel fuzzing led to a WARN about invalid pipe direction inthe mceusb driver:------------[ cut here ]------------usb 6-1: BOGUS control dir, pipe 80000380 doesn t match bRequestType 40WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410Modules linked in:CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS1.13.0-1ubuntu1.1 04/01/2014Workqueue: usb_hub_wq hub_eventRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e844 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0be9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41RSP: 0018:ffffc900032becf0 EFLAGS: 00010282RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0Call Trace:<TASK>usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58usb_internal_control_msg drivers/usb/core/message.c:102 [inline]usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807The reason for the warning is clear enough; the driver sends anunusual read request on endpoint 0 but does not set the USB_DIR_IN bitin the bRequestType field.More importantly, the whole situation can be avoided and the driversimplified by converting it over to the relatively newusb_control_msg_recv() and usb_control_msg_send() routines.  That swhat this fix does.
 漏洞公开时间：2025-06-18 19:15:20
 漏洞创建时间：2025-06-19 10:42:56
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-49937
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6 |  |
|  | https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316 |  |
|  | https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6 |  |
|  | https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6 |  |
|  | https://security-tracker.debian.org/tracker/CVE-2022-49937 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2022-49937 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2022-49937 |  |
|  | https://lore.kernel.org/linux-cve-announce/2025061847-CVE-2022-49937-5d01@gregkh/T |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2373398 |  |
|  | https://vigilance.fr/vulnerability/Linux-kernel-multiple-vulnerabilities-dated-18-06-2025-47466 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://github.com/gregkh/linux/commit/587f793c64d99d92be8ef01c4c69d885a3f2edb6.patch |  | ljqc |
|  |  | https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6 |  | nvd |
|  |  | https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316 |  | nvd |
|  |  | https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6 |  | nvd |
|  |  | https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6 |  | nvd |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
                  In the Linux kernel, the following vulnerability has been resolved:media: mceusb: Use new usb_control_msg_*() routinesAutomatic kernel fuzzing led to a WARN about invalid pipe direction inthe mceusb driver:------------[ cut here ]------------usb 6-1: BOGUS control dir, pipe 80000380 doesn&#39;t match bRequestType 40WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410Modules linked in:CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS1.13.0-1ubuntu1.1 04/01/2014Workqueue: usb_hub_wq hub_eventRIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e844 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 &lt;0f&gt; 0be9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41RSP: 0018:ffffc900032becf0 EFLAGS: 00010282RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0Call Trace:&lt;TASK&gt;usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58usb_internal_control_msg drivers/usb/core/message.c:102 [inline]usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline]mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807The reason for the warning is clear enough; the driver sends anunusual read request on endpoint 0 but does not set the USB_DIR_IN bitin the bRequestType field.More importantly, the whole situation can be avoided and the driversimplified by converting it over to the relatively newusb_control_msg_recv() and usb_control_msg_send() routines.  That&#39;swhat this fix does.The Linux kernel CVE team has assigned CVE-2022-49937 to this issue.        
 openEuler评分：
  4.0
 Vector：CVSS：3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
 受影响版本排查(受影响/不受影响)：
  1.openEuler-22.03-LTS-SP3(5.10.0):受影响
2.openEuler-22.03-LTS-SP4(5.10.0):受影响
3.master(6.12.33):不受影响
4.openEuler-20.03-LTS-SP4(4.19.90):不受影响
5.openEuler-24.03-LTS:不受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:不受影响
8.openEuler-24.03-LTS-SP2:不受影响

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.openEuler-22.03-LTS-SP4(5.10.0):否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否
8.openEuler-24.03-LTS-SP2:否

原因说明：
  1.openEuler-22.03-LTS-SP3(5.10.0):正常修复
2.openEuler-22.03-LTS-SP4(5.10.0):正常修复
3.master(6.12.33):不受影响-漏洞代码不能被攻击者触发
4.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS:不受影响-漏洞代码不能被攻击者触发
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1:不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP2:不受影响-漏洞代码不能被攻击者触发

src-openEuler/kernel

Content Risk Flag

Comments (7)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2022-49937

Comments (7)

Search

src-openEuler/kernel