4 matches found
UBUNTU-CVE-2025-40095
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Refactor bind path to use free After an bind/unbind cycle, the rndis-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...
CVE-2022-48926
A vulnerability found in the Linux kernel’s USB gadget in the RNDIS subsystem was resolved by adding a spinlock to protect the RNDIS response list. The lack of synchronization previously allowed concurrent listadd operations, leading to list corruption and potential crashes. Mitigation Mitigation...
CVE-2022-48926 usb: gadget: rndis: add spinlock for rndis response list
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different listadd at the same time like below. It's better to add in rndisaddrespons...
CVE-2022-48837
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndissetresponse If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow...