CVE-2021-46930 usb: mtu3: fix list_head check warning

2024-02-2709:43:58

Linux

www.cve.org

linux

usb mtu3

list_head

warning

vulnerability

fix

uninitialization

kasan

use-after-free

call trace

bug

cve

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

usb: mtu3: fix list_head check warning

This is caused by uninitialization of list_head.

BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4

Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/mtu3/mtu3_gadget.c"
    ],
    "versions": [
      {
        "version": "83374e035b62",
        "lessThan": "585e2b244dda",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "83374e035b62",
        "lessThan": "3b6efe0b7ba0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "83374e035b62",
        "lessThan": "249ddfbe0057",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "83374e035b62",
        "lessThan": "8c313e3bfd9a",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/mtu3/mtu3_gadget.c"
    ],
    "versions": [
      {
        "version": "5.2",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.2",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.170",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.90",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.13",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]