cvelist/2024/57xxx/CVE-2024-57913.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-57913",
        "ASSIGNER": "cve@kernel.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd               2. UDC write via configfs\n  =================\t             =====================\n\n->usb_ffs_open_thread()           ->UDC write\n ->open_functionfs()               ->configfs_write_iter()\n  ->adb_open()                      ->gadget_dev_desc_UDC_store()\n   ->adb_write()                     ->usb_gadget_register_driver_owner\n                                      ->driver_register()\n->StartMonitor()                       ->bus_add_driver()\n ->adb_read()                           ->gadget_bind_driver()\n<times-out without BIND event>           ->configfs_composite_bind()\n                                          ->usb_add_function()\n->open_functionfs()                        ->ffs_func_bind()\n ->adb_open()                               ->functionfs_bind()\n                                       <ffs->state !=FFS_ACTIVE>\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[   14.542395] Call trace:\n[   14.542464]  ffs_func_bind+0x1c8/0x14a8\n[   14.542468]  usb_add_function+0xcc/0x1f0\n[   14.542473]  configfs_composite_bind+0x468/0x588\n[   14.542478]  gadget_bind_driver+0x108/0x27c\n[   14.542483]  really_probe+0x190/0x374\n[   14.542488]  __driver_probe_device+0xa0/0x12c\n[   14.542492]  driver_probe_device+0x3c/0x220\n[   14.542498]  __driver_attach+0x11c/0x1fc\n[   14.542502]  bus_for_each_dev+0x104/0x160\n[   14.542506]  driver_attach+0x24/0x34\n[   14.542510]  bus_add_driver+0x154/0x270\n[   14.542514]  driver_register+0x68/0x104\n[   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4\n[   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144\n[   14.542526]  configfs_write_iter+0xf0/0x138"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "n/a"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Linux",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Linux",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "ddf8abd2599491cbad959c700b90ba72a5dce8d0",
                                            "version_value": "bfe60030fcd976e3546e1f73d6d0eb3fea26442e"
                                        },
                                        {
                                            "version_value": "not down converted",
                                            "x_cve_json_5_version_data": {
                                                "versions": [
                                                    {
                                                        "version": "2.6.35",
                                                        "status": "affected"
                                                    },
                                                    {
                                                        "version": "0",
                                                        "lessThan": "2.6.35",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "5.4.290",
                                                        "lessThanOrEqual": "5.4.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "5.10.234",
                                                        "lessThanOrEqual": "5.10.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "5.15.177",
                                                        "lessThanOrEqual": "5.15.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.1.125",
                                                        "lessThanOrEqual": "6.1.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.6.72",
                                                        "lessThanOrEqual": "6.6.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.12.10",
                                                        "lessThanOrEqual": "6.12.*",
                                                        "status": "unaffected",
                                                        "versionType": "semver"
                                                    },
                                                    {
                                                        "version": "6.13",
                                                        "lessThanOrEqual": "*",
                                                        "status": "unaffected",
                                                        "versionType": "original_commit_for_fix"
                                                    }
                                                ],
                                                "defaultStatus": "affected"
                                            }
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e"
            },
            {
                "url": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1"
            },
            {
                "url": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c"
            },
            {
                "url": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47"
            },
            {
                "url": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d"
            },
            {
                "url": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2"
            },
            {
                "url": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699",
                "refsource": "MISC",
                "name": "https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699"
            }
        ]
    },
    "generator": {
        "engine": "bippy-5f407fcff5a0"
    }
}