CVE-2022-49944

In the Linux kernel, the following vulnerability has been resolved: Revert "usb: typec: ucsi: add a common function ucsi_unregister_connectors()" The recent commit 87d0e2f41b8c ("usb: typec: ucsi: add a common function ucsi_unregister_connectors()") introduced a regression that caused NULL dereference at reading the power supply sysfs. It's a stale sysfs entry that should have been removed but remains with NULL ops. The commit changed the error handling to skip the entries after a NULL con->wq, and this leaves the power device unreleased. For addressing the regression, the straight revert is applied here. Further code improvements can be done from the scratch again.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad	Patch
https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.0:rc3::::::

History

14 Nov 2025, 19:43

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad -~~	() https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad - Patch
References	~~() https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e -~~	() https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e - Patch
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:6.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.0:rc3::::::
CWE		CWE-476

Information

Published : 2025-06-18 11:15

Updated : 2025-11-14 19:43

NVD link : CVE-2022-49944

Mitre link : CVE-2022-49944

CVE.ORG link : CVE-2022-49944

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2022-49944", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T11:15:21.377", "references": [{"url": "https://git.kernel.org/stable/c/3d4044c9e6d2e3f11f1f8b5e0ee8647d3eb1afad", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5f73aa2cf8bef4a39baa1591c3144ede4788826e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: typec: ucsi: add a common function ucsi_unregister_connectors()\"\n\nThe recent commit 87d0e2f41b8c (\"usb: typec: ucsi: add a common\nfunction ucsi_unregister_connectors()\") introduced a regression that\ncaused NULL dereference at reading the power supply sysfs. It's a\nstale sysfs entry that should have been removed but remains with NULL\nops. The commit changed the error handling to skip the entries after\na NULL con->wq, and this leaves the power device unreleased.\n\nFor addressing the regression, the straight revert is applied here.\nFurther code improvements can be done from the scratch again."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \"usb: typec: ucsi: a\u00f1adir una funci\u00f3n com\u00fan ucsi_unregister_connectors()\". La reciente confirmaci\u00f3n 87d0e2f41b8c (\"usb: typec: ucsi: a\u00f1adir una funci\u00f3n com\u00fan ucsi_unregister_connectors()\") introdujo una regresi\u00f3n que provocaba una desreferencia nula al leer el archivo sysfs de la fuente de alimentaci\u00f3n. Se trata de una entrada obsoleta del archivo sysfs que deber\u00eda haberse eliminado, pero que permanece con operaciones nulas. el commit modific\u00f3 la gesti\u00f3n de errores para omitir las entradas despu\u00e9s de un comando con->wq nulo, lo que deja el dispositivo de alimentaci\u00f3n sin liberar. Para solucionar la regresi\u00f3n, se aplica la reversi\u00f3n directa. Se pueden realizar mejoras de c\u00f3digo desde cero."}], "lastModified": "2025-11-14T19:43:04.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E795B3E-4D62-43FD-B109-481E9CF5C069", "versionEndExcluding": "5.19.8", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}