CVE-2022-49937

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40 WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41 RSP: 0018:ffffc900032becf0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000 RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90 RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000 R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000 R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0 Call Trace: <TASK> usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153 mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline] mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807 The reason for the warning is clear enough; the driver sends an unusual read request on endpoint 0 but does not set the USB_DIR_IN bit in the bRequestType field. More importantly, the whole situation can be avoided and the driver simplified by converting it over to the relatively new usb_control_msg_recv() and usb_control_msg_send() routines. That's what this fix does.

Vendor	Product	Versions
Linux	Linux	affected `66e89522aff70fb2701ba8f6845fdcd365dd2ade - < 587f793c64d99d92be8ef01c4c69d885a3f2edb6` affected `66e89522aff70fb2701ba8f6845fdcd365dd2ade - < 75913c562f5ba4cf397d835c63f443879167c6f6` affected `66e89522aff70fb2701ba8f6845fdcd365dd2ade - < d69c738ac9310b56e84c51c8f09fc018a8291bc6` affected `66e89522aff70fb2701ba8f6845fdcd365dd2ade - < 608e58a0f4617977178131f5f68a3fce1d3f5316`
Linux	Linux	affected `2.6.36` unaffected `0 - < 2.6.36` unaffected `5.10.142 - <= 5.10.` unaffected `5.15.66 - <= 5.15.` unaffected `5.19.8 - <= 5.19.*` +1 more versions

References

https://git.kernel.org/stable/c/587f793c64d99d92be8ef01c4c69d885a3f2edb6

https://git.kernel.org/stable/c/75913c562f5ba4cf397d835c63f443879167c6f6

https://git.kernel.org/stable/c/d69c738ac9310b56e84c51c8f09fc018a8291bc6

https://git.kernel.org/stable/c/608e58a0f4617977178131f5f68a3fce1d3f5316

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49937

Description

Affected Products

References