Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the drivers/usb/gadget/composite.c file within the Linux kernel before version 5.16.10. The USB Gadget subsystem lacks certain validations for interface OS descriptor requests those with a large array index and those associated with NULL function pointer retrieval. Memor...

CVE-2021-47272 usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget is NULL

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3gadgetexit if dwc-gadget is NULL There exists a possible scenario in which dwc3gadgetinit can fail: during during host - peripheral mode switch in dwc3setmode, and a pending gadget driver fails to...