Kyungtae Kim

Name of the Vulnerable Software and Affected Versions: conn gadget driver versions prior to SMR AUG-2021 Release 1 Description: A use after free issue in the conn gadget driver allows malicious action by an attacker. Recommendations: For versions prior to SMR AUG-2021 Release 1, update to SMR AUG-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability was found in the Linux kernel, where accessing a deallocated instance in `printer ioctl()` occurs because it tries to access a `printer dev` instance that had been freed by `gprinter free()`. This results in a use-after-free issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.4 through 5.7.6 **Description** The issue is related to a memory leak in the `usbtest disconnect` function. This function is part of the Linux kernel and is located in `drivers/usb/misc/usbtest.c`. The memory leak occurs when resources are not properly released after they are no longer needed. An attacker could potentially exploit this issue to cause a denial of service. **Recommendations** For Linux kernel versions 4.4 through 5.7.6, consider updating to a version that includes a fix for the memory leak in the `usbtest disconnect` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.16 through 5.6.13 **Description** The issue is related to the `gadget dev desc UDC store` function in the `drivers/usb/gadget/configfs.c` file of the Linux kernel. It relies on `kstrdup` without considering the possibility of an internal `0` value, allowing attackers to trigger an out-of-bounds read. This can potentially lead to a denial of service. **Recommendations** For Linux kernel versions 3.16 through 5.6.13, consider disabling the `gadget dev desc UDC store` function as a temporary workaround until a patch is available. Restrict access to the `configfs.c` file to minimize the risk of exploitation. Avoid using the `kstrdup` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.6.8 **Description** The issue is related to the `usb sg cancel` function in the Linux kernel, specifically in the `drivers/usb/core/message.c` file. It involves a use-after-free condition due to a transfer occurring without a reference. This could allow an attacker to execute arbitrary code. The problem is caused by improper locking, which can lead to a local escalation of privilege without requiring additional execution privileges or user interaction. **Recommendations** For Linux kernel versions prior to 5.6.8, update to version 5.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `usb sg cancel` function in the `message.c` file until a patch is available.