In the Linux kernel, the following vulnerability has been resolved:
usb: roles: fix NULL pointer issue when put module’s reference
In current design, usb role class driver will get usb_role_switch parent’s
module reference after the user get usb_role_switch device and put the
reference after the user put the usb_role_switch device. However, the
parent device of usb_role_switch may be removed before the user put the
usb_role_switch. If so, then, NULL pointer issue will be met when the user
put the parent module’s reference.
This will save the module pointer in structure of usb_role_switch. Then,
we don’t need to find module by iterating long relations.
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/roles/class.c"
],
"versions": [
{
"version": "5c54fcac9a9d",
"lessThan": "e279bf8e5189",
"status": "affected",
"versionType": "git"
},
{
"version": "5c54fcac9a9d",
"lessThan": "ef982fc41055",
"status": "affected",
"versionType": "git"
},
{
"version": "5c54fcac9a9d",
"lessThan": "0158216805ca",
"status": "affected",
"versionType": "git"
},
{
"version": "5c54fcac9a9d",
"lessThan": "4b45829440b1",
"status": "affected",
"versionType": "git"
},
{
"version": "5c54fcac9a9d",
"lessThan": "01f82de440f2",
"status": "affected",
"versionType": "git"
},
{
"version": "5c54fcac9a9d",
"lessThan": "1c9be13846c0",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"drivers/usb/roles/class.c"
],
"versions": [
{
"version": "4.19",
"status": "affected"
},
{
"version": "0",
"lessThan": "4.19",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.211",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.150",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.80",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6.19",
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.7.7",
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.8",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e
git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
lists.debian.org/debian-lts-announce/2024/06/msg00017.html