CVE-2022-4662: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-4662 is a vulnerability discovered in the Linux kernel USB core subsystem, specifically related to incorrect access control when attaching USB devices. The vulnerability was disclosed in December 2022 and affects Linux kernel versions up to (excluding) 6.0 (NVD).

The vulnerability stems from the USB core subsystem's handling of nested reset events, which could lead to recursive locking violations. The issue was identified through automatic kernel fuzzing that revealed a recursive locking violation in the USB storage subsystem. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability allows a local user with physical access to cause a denial of service condition by triggering a kernel deadlock. This can be achieved by plugging in a specially crafted USB device (Ubuntu).

The vulnerability was patched in Linux kernel 6.0-rc4 with the addition of a reset_in_progress flag to prevent nested resets. The fix prevents nested device reset attempts by checking this flag before proceeding with reset operations. Multiple Linux distributions have released security updates to address this vulnerability (Kernel Patch).