In the Linux kernel, the following vulnerability has been resolved:
usb: mtu3: fix list_head check warning
This is caused by uninitialization of list_head.
BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4
Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 [mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4
[
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "83374e035b62",
"lessThan": "585e2b244dda",
"versionType": "git"
},
{
"status": "affected",
"version": "83374e035b62",
"lessThan": "3b6efe0b7ba0",
"versionType": "git"
},
{
"status": "affected",
"version": "83374e035b62",
"lessThan": "249ddfbe0057",
"versionType": "git"
},
{
"status": "affected",
"version": "83374e035b62",
"lessThan": "8c313e3bfd9a",
"versionType": "git"
}
],
"programFiles": [
"drivers/usb/mtu3/mtu3_gadget.c"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"product": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"status": "unaffected",
"version": "0",
"lessThan": "5.2",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "5.4.170",
"versionType": "custom",
"lessThanOrEqual": "5.4.*"
},
{
"status": "unaffected",
"version": "5.10.90",
"versionType": "custom",
"lessThanOrEqual": "5.10.*"
},
{
"status": "unaffected",
"version": "5.15.13",
"versionType": "custom",
"lessThanOrEqual": "5.15.*"
},
{
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix",
"lessThanOrEqual": "*"
}
],
"programFiles": [
"drivers/usb/mtu3/mtu3_gadget.c"
],
"defaultStatus": "affected"
}
]