cve/published/2024/CVE-2024-44960.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-44960: usb: gadget: core: Check for unset descriptor

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 usb: gadget: core: Check for unset descriptor

 Make sure the descriptor has been set before looking at maxpacket.
 This fixes a null pointer panic in this case.

 This may happen if the gadget doesn't properly set up the endpoint
 for the current speed, or the gadget descriptors are malformed and
 the descriptor for the speed/endpoint are not found.

 No current gadget driver is known to have this problem, but this
 may cause a hard-to-find bug during development of new gadgets.

 The Linux kernel CVE team has assigned CVE-2024-44960 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.19.82 with commit d1c188d330ca33cc35d1590441ba276f31144299 and fixed in 4.19.320 with commit ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.4.282 with commit df8e734ae5e605348aa0ca2498aedb73e815f244
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.10.224 with commit 7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.15.165 with commit 50c5248b0ea8aae0529fdf28dac42a41312d3b62
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.1.105 with commit a0362cd6e503278add954123957fd47990e8d9bf
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.6.46 with commit 1a9df57d57452b104c46c918569143cf21d7ebf1
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.10.5 with commit 716cba46f73a92645cf13eded8d257ed48afc2a4
 	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.11 with commit 973a57891608a98e894db2887f278777f564de18
 	Issue introduced in 3.16.80 with commit d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e
 	Issue introduced in 4.4.199 with commit 85c9ece11264499890d0e9f0dee431ac1bda981c
 	Issue introduced in 4.9.199 with commit fc71e39a6c07440e6968227f3db1988f45d7a7b7
 	Issue introduced in 4.14.152 with commit 94f5de2eefae22c449e367c2dacafe869af73e3f
 	Issue introduced in 5.3.9 with commit 8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-44960
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/usb/gadget/udc/core.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
 	https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244
 	https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e
 	https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62
 	https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf
 	https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1
 	https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4
 	https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-44960: usb: gadget: core: Check for unset descriptor

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	usb: gadget: core: Check for unset descriptor

	Make sure the descriptor has been set before looking at maxpacket.
	This fixes a null pointer panic in this case.

	This may happen if the gadget doesn't properly set up the endpoint
	for the current speed, or the gadget descriptors are malformed and
	the descriptor for the speed/endpoint are not found.

	No current gadget driver is known to have this problem, but this
	may cause a hard-to-find bug during development of new gadgets.

	The Linux kernel CVE team has assigned CVE-2024-44960 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.19.82 with commit d1c188d330ca33cc35d1590441ba276f31144299 and fixed in 4.19.320 with commit ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.4.282 with commit df8e734ae5e605348aa0ca2498aedb73e815f244
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.10.224 with commit 7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 5.15.165 with commit 50c5248b0ea8aae0529fdf28dac42a41312d3b62
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.1.105 with commit a0362cd6e503278add954123957fd47990e8d9bf
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.6.46 with commit 1a9df57d57452b104c46c918569143cf21d7ebf1
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.10.5 with commit 716cba46f73a92645cf13eded8d257ed48afc2a4
	Issue introduced in 5.4 with commit 54f83b8c8ea9b22082a496deadf90447a326954e and fixed in 6.11 with commit 973a57891608a98e894db2887f278777f564de18
	Issue introduced in 3.16.80 with commit d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e
	Issue introduced in 4.4.199 with commit 85c9ece11264499890d0e9f0dee431ac1bda981c
	Issue introduced in 4.9.199 with commit fc71e39a6c07440e6968227f3db1988f45d7a7b7
	Issue introduced in 4.14.152 with commit 94f5de2eefae22c449e367c2dacafe869af73e3f
	Issue introduced in 5.3.9 with commit 8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-44960
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/usb/gadget/udc/core.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
	https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244
	https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e
	https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62
	https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf
	https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1
	https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4
	https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18