• CVE-2022-48926

发布时间: 2024年9月14日

修改时间: 2024年9月18日

概要

In the Linux kernel, the following vulnerability has been resolved:usb: gadget: rndis: add spinlock for rndis response listThere s no lock for rndis response list. It could cause list corruptionif there re two different list_add at the same time like below.It s better to add in rndis_add_response / rndis_free_response/ rndis_get_next_response to prevent any race condition on response list.[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.next->prev should be prev (ffffff80651764d0),but was ffffff883dc36f80. (next=ffffff80651764d0).[ 361.904380] [1: irq/191-dwc3:16979] Call trace:[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c

CVSS v3 指标

NVD openEuler
Confidentiality High High
Attack Vector Local Local
CVSS评分 7.8 7.8
Attack Complexity Low Low
Privileges Required Low Low
Scope Unchanged Unchanged
Integrity High High
User Interaction None None
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4858 kernel security update 2025年2月17日

影响产品

产品 状态
KY3.4-5 kernel Fixed