cve/published/2024/CVE-2024-26747.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26747: usb: roles: fix NULL pointer issue when put module's reference

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: roles: fix NULL pointer issue when put module's reference

 In current design, usb role class driver will get usb_role_switch parent's
 module reference after the user get usb_role_switch device and put the
 reference after the user put the usb_role_switch device. However, the
 parent device of usb_role_switch may be removed before the user put the
 usb_role_switch. If so, then, NULL pointer issue will be met when the user
 put the parent module's reference.

 This will save the module pointer in structure of usb_role_switch. Then,
 we don't need to find module by iterating long relations.

 The Linux kernel CVE team has assigned CVE-2024-26747 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 5.10.211 with commit e279bf8e51893e1fe160b3d8126ef2dd00f661e1
 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 5.15.150 with commit ef982fc41055fcebb361a92288d3225783d12913
 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.1.80 with commit 0158216805ca7e498d07de38840d2732166ae5fa
 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.6.19 with commit 4b45829440b1b208948b39cc71f77a37a2536734
 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.7.7 with commit 01f82de440f2ab07c259b7573371e1c42e5565db
 	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.8 with commit 1c9be13846c0b2abc2480602f8ef421360e1ad9e
 	Issue introduced in 4.18.12 with commit 7b169e33a3bc9040e06988b2bc15e83d2af80358

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26747
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/roles/class.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
 	https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
 	https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
 	https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
 	https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
 	https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26747: usb: roles: fix NULL pointer issue when put module's reference

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: roles: fix NULL pointer issue when put module's reference

	In current design, usb role class driver will get usb_role_switch parent's
	module reference after the user get usb_role_switch device and put the
	reference after the user put the usb_role_switch device. However, the
	parent device of usb_role_switch may be removed before the user put the
	usb_role_switch. If so, then, NULL pointer issue will be met when the user
	put the parent module's reference.

	This will save the module pointer in structure of usb_role_switch. Then,
	we don't need to find module by iterating long relations.

	The Linux kernel CVE team has assigned CVE-2024-26747 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 5.10.211 with commit e279bf8e51893e1fe160b3d8126ef2dd00f661e1
	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 5.15.150 with commit ef982fc41055fcebb361a92288d3225783d12913
	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.1.80 with commit 0158216805ca7e498d07de38840d2732166ae5fa
	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.6.19 with commit 4b45829440b1b208948b39cc71f77a37a2536734
	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.7.7 with commit 01f82de440f2ab07c259b7573371e1c42e5565db
	Issue introduced in 4.19 with commit 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b and fixed in 6.8 with commit 1c9be13846c0b2abc2480602f8ef421360e1ad9e
	Issue introduced in 4.18.12 with commit 7b169e33a3bc9040e06988b2bc15e83d2af80358

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26747
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/roles/class.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
	https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
	https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
	https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
	https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
	https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e