Daehwan Jung

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to a lack of locking in the rndis response list, which could cause list corruption if two different list add operations occur at the same time. This issue can be prevented by adding a spinlock in the rndis add response, rndis free response, and rndis get next response functions. The vulnerability affects the confidentiality, integrity, and availability of data. Technical details about exploitation include: - The `rndis msg parser` function is involved in the vulnerability. - The `rndis command complete` function is also affected. - The `usb gadget giveback request` function is part of the call trace. - The `dwc3 gadget giveback` function is involved in the vulnerability. - The `dwc3 ep0 complete data` function is part of the call trace. - The `dwc3 ep0 interrupt` function is affected. - The `dwc3 process event entry` function is involved in the vulnerability. - The `dwc3 process event buf` function is part of the call trace. - The `dwc3 thread interrupt` function is affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.