mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
157 lines
9.3 KiB
JSON
157 lines
9.3 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-56670",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer\n\nConsidering that in some extreme cases,\nwhen u_serial driver is accessed by multiple threads,\nThread A is executing the open operation and calling the gs_open,\nThread B is executing the disconnect operation and calling the\ngserial_disconnect function,The port->port_usb pointer will be set to NULL.\n\nE.g.\n Thread A Thread B\n gs_open() gadget_unbind_driver()\n gs_start_io() composite_disconnect()\n gs_start_rx() gserial_disconnect()\n ... ...\n spin_unlock(&port->port_lock)\n status = usb_ep_queue() spin_lock(&port->port_lock)\n spin_lock(&port->port_lock) port->port_usb = NULL\n gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock)\n Crash\n\nThis causes thread A to access a null pointer (port->port_usb is null)\nwhen calling the gs_free_requests function, causing a crash.\n\nIf port_usb is NULL, the release request will be skipped as it\nwill be done by gserial_disconnect.\n\nSo add a null pointer check to gs_start_io before attempting\nto access the value of the pointer port->port_usb.\n\nCall trace:\n gs_start_io+0x164/0x25c\n gs_open+0x108/0x13c\n tty_open+0x314/0x638\n chrdev_open+0x1b8/0x258\n do_dentry_open+0x2c4/0x700\n vfs_open+0x2c/0x3c\n path_openat+0xa64/0xc60\n do_filp_open+0xb8/0x164\n do_sys_openat2+0x84/0xf0\n __arm64_sys_openat+0x70/0x9c\n invoke_syscall+0x58/0x114\n el0_svc_common+0x80/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x38/0x68"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "c1dca562be8ada614ef193aa246c6f8705bcd6b9",
|
|
"version_value": "4efdfdc32d8d6307f968cd99f1db64468471bab1"
|
|
},
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"version": "2.6.27",
|
|
"status": "affected"
|
|
},
|
|
{
|
|
"version": "0",
|
|
"lessThan": "2.6.27",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.4.288",
|
|
"lessThanOrEqual": "5.4.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.10.232",
|
|
"lessThanOrEqual": "5.10.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "5.15.175",
|
|
"lessThanOrEqual": "5.15.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.1.121",
|
|
"lessThanOrEqual": "6.1.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.6.67",
|
|
"lessThanOrEqual": "6.6.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.12.6",
|
|
"lessThanOrEqual": "6.12.*",
|
|
"status": "unaffected",
|
|
"versionType": "semver"
|
|
},
|
|
{
|
|
"version": "6.13-rc3",
|
|
"lessThanOrEqual": "*",
|
|
"status": "unaffected",
|
|
"versionType": "original_commit_for_fix"
|
|
}
|
|
],
|
|
"defaultStatus": "affected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-5f407fcff5a0"
|
|
}
|
|
} |