CVE-2022-49686
📋 TL;DR
A double-free vulnerability in the Linux kernel's USB gadget UVC driver can cause kernel panic when USB video streaming endpoints become disabled. This affects systems using USB gadget functionality, particularly embedded devices and virtual machines with USB passthrough. The vulnerability allows local attackers to crash the system.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash when USB video streaming endpoints are disabled during active use, requiring reboot to restore functionality.
If Mitigated
Minimal impact with proper access controls preventing local users from triggering the vulnerable code path.
🎯 Exploit Status
Requires local access and ability to trigger USB gadget UVC functionality. Exploitation leads to denial of service, not privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 96163f835e65f8c9897487fac965819f0651d671 or d95ac8b920de1d39525fadc408ce675697626ca6
Vendor Advisory: https://git.kernel.org/stable/c/96163f835e65f8c9897487fac965819f0651d671
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable USB gadget UVC driver
LinuxPrevent loading of the vulnerable USB gadget UVC driver module
echo 'blacklist uvc' >> /etc/modprobe.d/blacklist.conf
rmmod uvc
🧯 If You Can't Patch
- Restrict local user access to systems with USB gadget functionality
- Monitor for kernel panic events and investigate USB gadget usage patterns
🔍 How to Verify
Check if Vulnerable:
Check if USB gadget UVC driver is loaded: lsmod | grep uvcCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or is newer than vulnerable versions📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'list_add double add'
- USB gadget UVC error messages in dmesg
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
event_type:"kernel_panic" AND message:"list_add double add" OR "uvcg_video_pump"