CVE-2024-57913

Severity: Medium · CVSS 3.1: 4.7 · EPSS: 6.0%
Published Jan 19, 2025
Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

This commit addresses an issue related to the kernel panic below, where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionfs_bind, which easily leads to the following scenarios.

    1. adb_write in adbd              2. UDC write via configfs
       =================                 =====================

    ->usb_ffs_open_thread()           ->UDC write
     ->open_functionfs()               ->configfs_write_iter()
      ->adb_open()                      ->gadget_dev_desc_UDC_store()
       ->adb_write()                     ->usb_gadget_register_driver_owner
                                          ->driver_register()
    ->StartMonitor()                       ->bus_add_driver()
     ->adb_read()                           ->gadget_bind_driver()
    <times-out without BIND event>           ->configfs_composite_bind()
                                              ->usb_add_function()
    ->open_functionfs()                        ->ffs_func_bind()
     ->adb_open()                               ->functionfs_bind()
                                           <ffs->state !=FFS_ACTIVE>

The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled.

This commit fixes the kernel panic by removing the unnecessary WARN_ON.

    Kernel panic - not syncing: kernel: panic_on_warn set ...
    [ 14.542395] Call trace:
    [ 14.542464] ffs_func_bind+0x1c8/0x14a8
    [ 14.542468] usb_add_function+0xcc/0x1f0
    [ 14.542473] configfs_composite_bind+0x468/0x588
    [ 14.542478] gadget_bind_driver+0x108/0x27c
    [ 14.542483] really_probe+0x190/0x374
    [ 14.542488] __driver_probe_device+0xa0/0x12c
    [ 14.542492] driver_probe_device+0x3c/0x220
    [ 14.542498] __driver_attach+0x11c/0x1fc
    [ 14.542502] bus_for_each_dev+0x104/0x160
    [ 14.542506] driver_attach+0x24/0x34
    [ 14.542510] bus_add_driver+0x154/0x270
    [ 14.542514] driver_register+0x68/0x104
    [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4
    [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144
    [ 14.542526] configfs_write_iter+0xf0/0x138

CVSS Details

Base Score: 4.7
Exploitability: 1.0
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
6.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 12

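| Vendor | Product | Version | Range |
|--------|--------------|---------|--------------------|
| linux | linux_kernel | * | ≥2.6.35 – <5.4.290 |
| linux | linux_kernel | * | ≥5.5 – <5.10.234 |
| linux | linux_kernel | * | ≥5.11 – <5.15.177 |
| linux | linux_kernel | * | ≥5.16 – <6.1.125 |
| linux | linux_kernel | * | ≥6.2 – <6.6.72 |
| linux | linux_kernel | * | ≥6.7 – <6.12.10 |
| linux | linux_kernel | 6.13 | any |
| linux | linux_kernel | 6.13 | any |
| linux | linux_kernel | 6.13 | any |
| linux | linux_kernel | 6.13 | any |
| linux | linux_kernel | 6.13 | any |
| linux | linux_kernel | 6.13 | any |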

References 10

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d
    Patch