In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume.
History

Sat, 28 Sep 2024 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833

Thu, 12 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-07-29T16:26:26.284Z

Updated: 2024-12-19T09:12:27.222Z

Reserved: 2024-07-29T15:50:41.170Z

Link: CVE-2024-42085

cve-icon Vulnrichment

Updated: 2024-08-02T04:54:32.178Z

cve-icon NVD

Status : Modified

Published: 2024-07-29T17:15:11.240

Modified: 2024-11-21T09:33:33.950

Link: CVE-2024-42085

cve-icon Redhat

Severity : Low

Publid Date: 2024-07-29T00:00:00Z

Links: CVE-2024-42085 - Bugzilla