CVE-2022-49306

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue was related to the assignment of ACPI companions to xHCI ports and USB devices in the dwc3 host. The problem occurred because the primary fwnode, which is the ACPI companion, was shared, and assigning it resulted in the replacement of the fwnode->secondary pointer for the parent dwc3 device. This was unintentional and could have led to potential side effects, such as resource leaks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2025_16880

AZL-68615

CVE-2022-49306

RHSA-2022:8267

RHSA-2022_8267

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1241-1

Affected Products

Debian

Linux Kernel

Red Hat

Suse

CVE-2022-49306

Related Identifiers

Affected Products

References · 1303