| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd 2. UDC write via configfs\n =================\t =====================\n\n->usb_ffs_open_thread() ->UDC write\n ->open_functionfs() ->configfs_write_iter()\n ->adb_open() ->gadget_dev_desc_UDC_store()\n ->adb_write() ->usb_gadget_register_driver_owner\n ->driver_register()\n->StartMonitor() ->bus_add_driver()\n ->adb_read() ->gadget_bind_driver()\n<times-out without BIND event> ->configfs_composite_bind()\n ->usb_add_function()\n->open_functionfs() ->ffs_func_bind()\n ->adb_open() ->functionfs_bind()\n <ffs->state !=FFS_ACTIVE>\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[ 14.542395] Call trace:\n[ 14.542464] ffs_func_bind+0x1c8/0x14a8\n[ 14.542468] usb_add_function+0xcc/0x1f0\n[ 14.542473] configfs_composite_bind+0x468/0x588\n[ 14.542478] gadget_bind_driver+0x108/0x27c\n[ 14.542483] really_probe+0x190/0x374\n[ 14.542488] __driver_probe_device+0xa0/0x12c\n[ 14.542492] driver_probe_device+0x3c/0x220\n[ 14.542498] __driver_attach+0x11c/0x1fc\n[ 14.542502] bus_for_each_dev+0x104/0x160\n[ 14.542506] driver_attach+0x24/0x34\n[ 14.542510] bus_add_driver+0x154/0x270\n[ 14.542514] driver_register+0x68/0x104\n[ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4\n[ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144\n[ 14.542526] configfs_write_iter+0xf0/0x138" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/gadget/function/f_fs.c" |
| ], |
| "versions": [ |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "bfe60030fcd976e3546e1f73d6d0eb3fea26442e", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "3e4d32cc145955d5c56c5498a3ff057e4aafa9d1", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "19fc1c83454ca9d5699e39633ec79ce26355251c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "82f60f3600aecd9ffcd0fbc4e193694511c85b47", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "ea6a1498742430eb2effce0d1439ff29ef37dd7d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ddf8abd2599491cbad959c700b90ba72a5dce8d0", |
| "lessThan": "dfc51e48bca475bbee984e90f33fdc537ce09699", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/gadget/function/f_fs.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.35", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.35", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.290", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.234", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.177", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.125", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.72", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.10", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.4.290" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.10.234" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "5.15.177" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.1.125" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.6.72" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.12.10" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.35", |
| "versionEndExcluding": "6.13" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699" |
| } |
| ], |
| "title": "usb: gadget: f_fs: Remove WARN_ON in functionfs_bind", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-57913", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
