236 matches found
CVE-2024-46674
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...
CVE-2024-46674 usb: dwc3: st: fix probed platform device ref count on probe error path
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...
CVE-2024-46674
CVE-2024-46674 affects the Linux kernel USB/DWC3 ST platform path. The vulnerability stems from a probe error path that drops a platform device reference count due to an unused undo_platform_dev_alloc, causing unbalanced references and potential use-after-free when devm-managed resources are rele...
CVE-2024-46674 usb: dwc3: st: fix probed platform device ref count on probe error path
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...
CVE-2024-45027
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci-interrupters being allocated in xhcimemclearup If xhcimeminit fails, it calls into xhcimemcleanup to mop up the damage. If it fails early enough, before xhci-interrupters is allocated but after...
CVE-2024-44960 usb: gadget: core: Check for unset descriptor
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for...
CVE-2024-42085
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIGUSBDWC3DUALROLE is selected, and trigger system to enter suspend status with below command: echo mem /sys/power/state There...
CVE-2022-48836 Input: aiptek - properly check endpoint type
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usbsubmiturb which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old...
CVE-2022-48834 usb: usbtmc: Fix bug in pipe direction for control transfers
In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at...
CVE-2023-52886
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...
CVE-2023-52886
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...
CVE-2023-52886 USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...
CVE-2023-52886
The CVE-2023-52886 entry describes a race in the Linux kernel USB core where hub_port_init() can overwrite udev->descriptor while read_descriptors() (sysfs.c) is reading it, enabling a slab-out-of-bounds read (KASAN) observed in syzbot. The root cause is a race between read_descriptors() and h...
CVE-2023-52886 USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...
CVE-2022-48761
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 1 PREEMPT SMP Modules linked in: CPU: 2 PID: 244...
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make doproccontrol and doprocbulk killable The USBDEVFSCONTROL and USBDEVFSBULK ioctls invoke usbstartwaiturb, which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...
CVE-2022-48761
CVE-2022-48761 affects the Linux kernel USB xhci-plat code. The issue occurs on platforms like i.MX8QM during suspend with remote wake enabled, where xhci_suspend disables the hub wake and then accesses registers after the device clock is gated by run-time suspend. The underlying root cause was t...
CVE-2022-48760 USB: core: Fix hang in usb_kill_urb by adding memory barriers
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usbkillurb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usbkillurb to return. It turns out the issue is not unlinking the URB; that works just fine...
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make doproccontrol and doprocbulk killable The USBDEVFSCONTROL and USBDEVFSBULK ioctls invoke usbstartwaiturb, which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make doproccontrol and doprocbulk killable The USBDEVFSCONTROL and USBDEVFSBULK ioctls invoke usbstartwaiturb, which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...