CVE: CVE-2024-42085

Descrizione: In the Linux kernel, the following vulnerability has been fixed: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When CONFIG_USB_DWC3_DUAL_ROLE is selected and the system triggers suspend status with the following command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as follows: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code to be executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442(“usb: dwc3: Remove DWC3 locking during gadget suspend/resume”) that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume.

Vettore di attacco

Riferimenti esterni

• https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c
• https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63
• https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649
• https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276
• https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136

Prodotti interessati

• Linux – Linux
• Linux – Linux

Relazioni con altri prodotti

Produttore:Linux
Prodotto: Linux
Anno: 2024
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2024)