Recursive Locking Violation in USB Core Drivers by Linux Kernel
CVE-2022-49936

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2022-49936?

A recursive locking violation was discovered in the Linux kernel's USB storage driver, resulting from a nested device reset attempt during driver unbinding. This issue arises when the rtl8712 driver, upon disconnecting, erroneously initiates a reset while another reset is in progress. Such behavior can lead to system instability and enhance the risk of deadlocks. To mitigate future occurrences, the USB core lacks safeguards against nested reset calls, prompting the addition of a reset_in_progress flag to prevent similar incidents.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1b29498669914c7f9afb619722421418a753d372

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/d90419b8b8322b6924f6da9da...

https://git.kernel.org/stable/c/1b29498669914c7f9afb61972...

https://git.kernel.org/stable/c/cc9a12e12808af178c600cc48...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
May 1, 2025