{"id":"CVE-2022-49936","summary":"USB: core: Prevent nested device-reset calls","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Prevent nested device-reset calls\n\nAutomatic kernel fuzzing revealed a recursive locking violation in\nusb-storage:\n\n============================================\nWARNING: possible recursive locking detected\n5.18.0 #3 Not tainted\n--------------------------------------------\nkworker/1:3/1205 is trying to acquire lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\nbut task is already holding lock:\nffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at:\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\n\n...\n\nstack backtrace:\nCPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_deadlock_bug kernel/locking/lockdep.c:2988 [inline]\ncheck_deadlock kernel/locking/lockdep.c:3031 [inline]\nvalidate_chain kernel/locking/lockdep.c:3816 [inline]\n__lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053\nlock_acquire kernel/locking/lockdep.c:5665 [inline]\nlock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630\n__mutex_lock_common kernel/locking/mutex.c:603 [inline]\n__mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747\nusb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230\nusb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109\nr871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622\nusb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458\ndevice_remove drivers/base/dd.c:545 [inline]\ndevice_remove+0x11f/0x170 drivers/base/dd.c:537\n__device_release_driver drivers/base/dd.c:1222 [inline]\ndevice_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248\nusb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627\nusb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118\nusb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114\n\nThis turned out not to be an error in usb-storage but rather a nested\ndevice reset attempt.  That is, as the rtl8712 driver was being\nunbound from a composite device in preparation for an unrelated USB\nreset (that driver does not have pre_reset or post_reset callbacks),\nits -\u003eremove routine called usb_reset_device() -- thus nesting one\nreset call within another.\n\nPerforming a reset as part of disconnect processing is a questionable\npractice at best.  However, the bug report points out that the USB\ncore does not have any protection against nested resets.  Adding a\nreset_in_progress flag and testing it will prevent such errors in the\nfuture.","modified":"2026-04-03T13:14:31.363135Z","published":"2025-06-18T10:54:37.889Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02537-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49936.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1b29498669914c7f9afb619722421418a753d372"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c6d778800b921bde3bff3cff5003d1650f942d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c548b99e1c37db6f7df86ecfe9a1f895d6c5966e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cc9a12e12808af178c600cc485338bac2e37d2a8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5eb850b3e8836197a38475840725260b9783e94"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da952647f2dadc21b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df1875084898b15cbc42f712e93d7f113ae6271b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49936.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49936"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"78d9a487ee961c356e1a934d9a92eca38ffb3a70"},{"fixed":"d90419b8b8322b6924f6da9da952647f2dadc21b"},{"fixed":"1b29498669914c7f9afb619722421418a753d372"},{"fixed":"cc9a12e12808af178c600cc485338bac2e37d2a8"},{"fixed":"df1875084898b15cbc42f712e93d7f113ae6271b"},{"fixed":"abe3cfb7a7c8e907b312c7dbd7bf4d142b745aa8"},{"fixed":"c548b99e1c37db6f7df86ecfe9a1f895d6c5966e"},{"fixed":"d5eb850b3e8836197a38475840725260b9783e94"},{"fixed":"9c6d778800b921bde3bff3cff5003d1650f942d1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49936.json"}}],"schema_version":"1.7.5"}