In the Linux kernel, the following vulnerability has been resolved: usb:
musb: dsps: Fix the probe error path Commit 7c75bde329d7 (“usb: musb:
musb_dsps: request_irq() after initializing musb”) has inverted the calls
to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without
updating correctly the error path. dsps_create_musb_pdev() allocates and
registers a new platform device which must be unregistered and freed with
platform_device_unregister(), and this is missing upon
dsps_setup_optional_vbus_irq() error. While on the master branch it seems
not to trigger any issue, I observed a kernel crash because of a NULL
pointer dereference with a v5.10.70 stable kernel where the patch mentioned
above was backported. With this kernel version, -EPROBE_DEFER is returned
the first time dsps_setup_optional_vbus_irq() is called which triggers the
probe to error out without unregistering the platform device.
Unfortunately, on the Beagle Bone Black Wireless, the platform device still
living in the system is being used by the USB Ethernet gadget driver, which
during the boot phase triggers the crash. My limited knowledge of the musb
world prevents me to revert this commit which was sent to silence a robot
warning which, as far as I understand, does not make sense. The goal of
this patch was to prevent an IRQ to fire before the platform device being
registered. I think this cannot ever happen due to the fact that enabling
the interrupts is done by the ->enable() callback of the platform musb
device, and this platform device must be already registered in order for
the core or any other user to use this callback. Hence, I decided to fix
the error path, which might prevent future errors on mainline kernels while
also fixing older ones.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < any | UNKNOWN |
git.kernel.org/linus/c2115b2b16421d93d4993f3fe4c520e91d6fe801 (5.15-rc6)
git.kernel.org/stable/c/5ed60a430fb5f3d93e7fef66264daef466b4d10c
git.kernel.org/stable/c/9ab5d539bc975b8dcde86eca1b58d836b657732e
git.kernel.org/stable/c/9d89e287116796bf987cc48f5c8632ef3048f8eb
git.kernel.org/stable/c/c2115b2b16421d93d4993f3fe4c520e91d6fe801
git.kernel.org/stable/c/e923bce31ffefe4f60edfc6b84f62d4a858f3676
git.kernel.org/stable/c/ff9249aab39820be11b6975a10d94253b7d426fc
launchpad.net/bugs/cve/CVE-2021-47436
nvd.nist.gov/vuln/detail/CVE-2021-47436
security-tracker.debian.org/tracker/CVE-2021-47436
www.cve.org/CVERecord?id=CVE-2021-47436