SB2024062762 - Improper locking in Linux kernel gadget udc driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-35822)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8
• https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c
• https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a
• https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf
• https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf
• https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290
• https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c
• https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252
• https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3