CVE-2024-57913: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

This commit addresses an issue related to the below kernel panic where
panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON
in functionfs_bind, which easily leads to the following scenarios.

1. adb_write in adbd         2. UDC write via configfs
=================            =====================

->usb_ffs_open_thread()      ->UDC write
->open_functionfs()          ->configfs_write_iter()
->adb_open()                 ->gadget_dev_desc_UDC_store()
->adb_write()                ->usb_gadget_register_driver_owner
                             ->driver_register()
->StartMonitor()             ->bus_add_driver()
->adb_read()                 ->gadget_bind_driver()
                             ->configfs_composite_bind()
                             ->usb_add_function()
->open_functionfs()          ->ffs_func_bind()
->adb_open()                 ->functionfs_bind()
                             state !=FFS_ACTIVE>

The adb_open, adb_read, and adb_write operations are invoked from the
daemon, but trying to bind the function is a process that is invoked by
UDC write through configfs, which opens up the possibility of a race
condition between the two paths. In this race scenario, the kernel panic
occurs due to the WARN_ON from functionfs_bind when pani...
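
A defender's check for the two preconditions the description names (panic_on_warn enabled, a FunctionFS instance in use), as an added example that is not part of the CVE record or the kernel commit. The function names are hypothetical, and it assumes FunctionFS instances appear in /proc/mounts with filesystem type functionfs; it does not determine whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example (not from the CVE record or the kernel commit).
# Function names are hypothetical. Paths default to the live system and can be
# overridden with sample files.

# Prints 1 if panic_on_warn is set, 0 otherwise (an unreadable file counts as 0).
panic_on_warn_enabled() {
    file="${1:-/proc/sys/kernel/panic_on_warn}"
    [ -r "$file" ] || { echo 0; return; }
    val=$(tr -d '[:space:]' < "$file")
    [ "$val" = "1" ] && echo 1 || echo 0
}

# Prints the mount point of every FunctionFS instance in a mounts table.
# Assumption: such instances are listed with filesystem type "functionfs".
functionfs_mounts() {
    mounts="${1:-/proc/mounts}"
    [ -r "$mounts" ] || return 0
    # /proc/mounts fields: device mountpoint fstype options dump pass
    awk '$3 == "functionfs" { print $2 }' "$mounts"
}

# Returns 0 when both preconditions hold, 1 otherwise, and prints a summary.
check_exposure() {
    pow=$(panic_on_warn_enabled "$1")
    ffs=$(functionfs_mounts "$2")
    if [ "$pow" = "1" ] && [ -n "$ffs" ]; then
        # $ffs is left unquoted so several mount points join onto one line.
        echo "PRECONDITIONS MET: panic_on_warn=1, FunctionFS mounted at:" $ffs
        return 0
    fi
    echo "PRECONDITIONS NOT MET: panic_on_warn=$pow, FunctionFS mounts:" ${ffs:-none}
    return 1
}

# Run against the live host only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_exposure
fi
```

Where the preconditions are met and the kernel cannot be updated yet, setting kernel.panic_on_warn to 0 keeps a triggered warning from escalating to a panic.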

Classification

CVE ID: CVE-2024-57913

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.58% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-17 (date on which this score was calculated)

References

https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47
https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d
https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2
https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699
