SB2024082230 - Improper locking in Linux kernel gadget function driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2022-48926)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rndis_register(), rndis_free_response(), rndis_get_next_response() and rndis_add_response() functions in drivers/usb/gadget/function/rndis.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405
• https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038
• https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f
• https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376
• https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a
• https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f
• https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9
• https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.232
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.304
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.103
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.26
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.182