CVE-2022-49980

7.8 HIGH

📋 TL;DR

A race condition in the Linux kernel's USB gadget subsystem can cause a use-after-free while uevent notifications are being processed. This can lead to kernel memory corruption and potential privilege escalation. Systems using USB gadget functionality with affected kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution). The vulnerability was introduced in kernel development and fixed in stable releases.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with USB gadget functionality enabled (CONFIG_USB_GADGET). Many embedded systems and devices use this functionality.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic, system crash, or privilege escalation to root via kernel memory corruption leading to arbitrary code execution.

🟠 Likely Case

System instability, kernel panic, or denial of service due to memory corruption.

🟢 If Mitigated

No impact if patched or if USB gadget functionality is not used.

🌐 Internet-Facing: LOW - Requires local access to trigger the race condition via uevent processing.
🏢 Internal Only: MEDIUM - Local attackers or malicious processes could exploit this to escalate privileges or crash systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires precise timing to trigger the race condition between uevent callbacks and driver unregistration.

Discovered by syzbot fuzzer. Exploitation requires local access and ability to trigger uevents while USB gadget drivers are being unbound.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits f44b0b95d50fffeca036e1ba36770390e0b519dd and 2191c00855b03aa59c20e698be713d952d51fc18

Vendor Advisory: https://git.kernel.org/stable/c/2191c00855b03aa59c20e698be713d952d51fc18

Restart Required: Yes

Instructions:

1. Update to a kernel version containing the fix.
2. For distributions: Apply security updates from your vendor.
3. Rebuild kernel if compiling from source.
4. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable USB gadget functionality

Remove USB gadget support if not needed by disabling CONFIG_USB_GADGET in kernel configuration

Check if enabled: grep CONFIG_USB_GADGET /boot/config-$(uname -r)
To disable: Recompile kernel with CONFIG_USB_GADGET=n

🧯 If You Can't Patch

  • Restrict access to uevent triggering mechanisms to trusted users only
  • Monitor for kernel panic logs and investigate any system instability related to USB operations

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether USB gadget is enabled: uname -r && grep CONFIG_USB_GADGET /boot/config-$(uname -r)
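
A stricter form of the grep check used in the workaround and verification steps, as an added example that is not part of the advisory or the kernel project. The function names are hypothetical; the script assumes registered USB device controllers appear under /sys/class/udc. It reports whether the gadget code is built and in use, not whether the fix is applied.

```sh
#!/bin/sh
# Added example: decide whether the USB gadget/UDC code path is present and
# active on a host. It does NOT prove the kernel is patched.

# Reads kernel config text on stdin; prints builtin | module | disabled.
gadget_config_state() {
    # Match the exact symbol: a bare "grep CONFIG_USB_GADGET" also hits
    # CONFIG_USB_GADGET_* options and "# ... is not set" comment lines.
    state=$(sed -n 's/^CONFIG_USB_GADGET=\([ym]\)$/\1/p' | head -n 1)
    case "$state" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo disabled ;;
    esac
}

# Counts registered USB device controllers. The directory is a parameter so
# the function can be tested against a constructed tree.
udc_count() {
    dir="${1:-/sys/class/udc}"
    [ -d "$dir" ] || { echo 0; return 0; }
    ls -A "$dir" | wc -l | tr -d ' '
}

# Combines both signals; prints not-built | built-idle | udc-active.
gadget_exposure() {
    cfg_state="$1"; udcs="$2"
    if [ "$cfg_state" = disabled ]; then echo not-built
    elif [ "$udcs" -gt 0 ]; then echo udc-active
    else echo built-idle
    fi
}

# Assess the running host, falling back to /proc/config.gz when the
# distribution ships no /boot/config-* file.
check_host() {
    boot_cfg="/boot/config-$(uname -r)"
    if [ -r "$boot_cfg" ]; then
        st=$(gadget_config_state < "$boot_cfg")
    elif [ -r /proc/config.gz ]; then
        st=$(zcat /proc/config.gz | gadget_config_state)
    else
        echo config-unavailable; return 0
    fi
    gadget_exposure "$st" "$(udc_count)"
}
```

Source the file and call check_host; a result of udc-active marks the hosts to patch first, since a controller is registered and the uevent path is reachable.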

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched: Check if kernel includes the fix commits or is newer than vulnerable versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • KASAN reports of use-after-free in usb_udc_uevent
  • System crashes during USB operations

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "usb_udc_uevent" OR "kernel panic")
