SB2024062183 - Improper locking in Linux kernel gadget function driver
Published: June 21, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062183
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-38628)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the free_ep_fback(), u_audio_set_volume(), u_audio_set_mute() and g_audio_setup() functions in drivers/usb/gadget/function/u_audio.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09
- https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0
- https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068
- https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33