USB Driver Vulnerability in Linux Kernel Affecting Media Devices by Open Source Community
CVE-2022-49937

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 June 2025

What is CVE-2022-49937?

An issue has been identified within the mceusb driver in the Linux kernel, where improper handling of USB control messages can lead to erroneous behavior. The driver fails to correctly set the USB direction in the bRequestType field when sending a control message. This oversight can result in warnings and potential instability by failing to align with expected communication protocols. A fix has been introduced to streamline the driver code, enhancing reliability and simplifying the communication process through the newly implemented usb_control_msg_recv() and usb_control_msg_send() routines.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 587f793c64d99d92be8ef01c4c69d885a3f2edb6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 75913c562f5ba4cf397d835c63f443879167c6f6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4...

https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c6...

https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
May 1, 2025