CVE-2021-46930 is a use-after-free bug in the Linux kernel's `mtu3` USB gadget driver. It is caused by an uninitialized `list_head` structure and leads to a crash, or potential exploitation, when the driver attempts to free a list entry.
The bug was introduced in kernel version 5.2 with commit `83374e035b62` and was fixed in various subsequent kernel versions, including 5.4.170, 5.10.90, 5.15.13, and 5.16.
The affected file is `drivers/usb/mtu3/mtu3_gadget.c`. The vulnerability can be mitigated by updating to the latest stable kernel version or applying individual patches from specific commits (listed in the CVE report).
The use-after-free bug was detected using KASAN (Kernel Address Sanitizer) and manifests as a crash when attempting to delete an entry from a list. The call trace shows that the `__list_del_entry_valid` function is called with an uninitialized `list_head`, leading to the crash.
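The failure mode described above can be reproduced in a simplified userspace model. This is an added example, not code from the kernel or the `mtu3` driver: `demo_request`, `demo_alloc_request` and `demo_free_request` are hypothetical names, the validity check only mirrors the idea behind `__list_del_entry_valid`, and zero-filled allocation is an assumption of the model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified userspace model of the kernel's circular list; not kernel code. */
struct list_head { struct list_head *next, *prev; };
static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Idea behind __list_del_entry_valid(): both neighbours must point back.
 * The NULL tests are added so the demo reports instead of faulting. */
static int list_del_entry_valid(const struct list_head *e)
{
    return e->next && e->prev && e->prev->next == e && e->next->prev == e;
}

/* Hypothetical request object; not the mtu3 driver's structure. */
struct demo_request { struct list_head list; };

/* init_list = 0 models the missing initialization, 1 the corrected path. */
static struct demo_request *demo_alloc_request(int init_list)
{
    struct demo_request *r = calloc(1, sizeof(*r)); /* zero-filled: assumption */
    if (r && init_list)
        INIT_LIST_HEAD(&r->list);
    return r;
}

/* Free path: unlink, then free. Returns 1 if the unlink was valid, else 0. */
static int demo_free_request(struct demo_request *r)
{
    int ok = r && list_del_entry_valid(&r->list);
    if (ok) {
        r->list.next->prev = r->list.prev;
        r->list.prev->next = r->list.next;
    }
    free(r);
    return ok;
}

int main(void)
{
    printf("uninitialized: %d\n", demo_free_request(demo_alloc_request(0)));
    printf("initialized:   %d\n", demo_free_request(demo_alloc_request(1)));
    return 0;
}
```

An initialized entry that was never queued points at itself, so unlinking it is a harmless no-op; the uninitialized one fails the check because its neighbour pointers do not lead back to it.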
This vulnerability highlights the importance of proper initialization and memory management in kernel code, especially when working with complex data structures like linked lists.