CVE - CVE-2022-48926

CVE-ID
CVE-2022-48926	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was ffffff883dc36f80. (next=ffffff80651764d0). [ 361.904380] [1: irq/191-dwc3:16979] Call trace: [ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4 [ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9 URL:https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9 MISC:https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a URL:https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a MISC:https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038 URL:https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038 MISC:https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376 URL:https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376 MISC:https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405 URL:https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405 MISC:https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f URL:https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f MISC:https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3 URL:https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3 MISC:https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f URL:https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f
Assigning CNA
kernel.org
Date Record Created
20240821	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240821)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)