CVE-2024-35822

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: udc: remove warning when queue disabled ep

It is possible trigger below warning message from mass storage function,

WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c

Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable.

As there is no function failure in the driver, in order to avoid effort to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 2b002c308e184feeaeb72987bca3f1b11e5f70b8affected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 68d951880d0c52c7f13dcefb5501b69b8605ce8caffected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 3e944ddc17c042945d983e006df7860687a8849aaffected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < df5cbb908f1687e8ab97e222a16b7890d5501acfaffected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < f74c5e0b54b02706d9a862ac6cddade30ac86bcfaffected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 99731076722eb7ed26b0c87c879da7bb71d24290affected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 36177c2595df12225b95ce74eb1ac77b43d5a58caffected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 30511676eb54d480d014352bf784f02577a10252affected
LinuxLinux8a0859b65b06ea07461271ce4f1fe25b48d1ec55 < 2a587a035214fa1b5ef598aea0b81848c5b72e5eaffected
LinuxLinux4.5affected
LinuxLinux0 < 4.5unaffected
LinuxLinux4.19.312 <= 4.19.*unaffected
LinuxLinux5.4.274 <= 5.4.*unaffected
LinuxLinux5.10.215 <= 5.10.*unaffected
LinuxLinux5.15.154 <= 5.15.*unaffected
LinuxLinux6.1.84 <= 6.1.*unaffected
LinuxLinux6.6.24 <= 6.6.*unaffected
LinuxLinux6.7.12 <= 6.7.*unaffected
LinuxLinux6.8.3 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References