发布时间: 2024年9月14日
修改时间: 2024年9月18日
In the Linux kernel, the following vulnerability has been resolved:usb: gadget: rndis: add spinlock for rndis response listThere s no lock for rndis response list. It could cause list corruptionif there re two different list_add at the same time like below.It s better to add in rndis_add_response / rndis_free_response/ rndis_get_next_response to prevent any race condition on response list.[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.next->prev should be prev (ffffff80651764d0),but was ffffff883dc36f80. (next=ffffff80651764d0).[ 361.904380] [1: irq/191-dwc3:16979] Call trace:[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c
NVD | openEuler | |
---|---|---|
Confidentiality | High | High |
Attack Vector | Local | Local |
CVSS评分 | 7.8 | 7.8 |
Attack Complexity | Low | Low |
Privileges Required | Low | Low |
Scope | Unchanged | Unchanged |
Integrity | High | High |
User Interaction | None | None |
Availability | High | High |
公告名 | 概要 | 发布时间 |
---|---|---|
KylinSec-SA-2024-4858 | kernel security update | 2025年2月17日 |
产品 | 包 | 状态 |
---|---|---|
KY3.4-5 | kernel | Fixed |