Udipto Goswami

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a null pointer dereference in the `update port device state()` function in the Linux kernel's USB core module. This occurs when the `actconfig` or `maxchild` is 0, causing the `usb hub` to be NULL, and subsequent access to `port dev` results in a null pointer dereference. This could allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the Linux kernel's USB gadget driver, specifically in the `ffs func eps disable()` function. This vulnerability occurs due to a race condition between `ffs func eps disable()` and `ffs epfile release()`, where the latter frees up the read buffer and destroys `ffs->epfiles`, marking it as NULL. Meanwhile, `ffs func eps disable()` proceeds with the stale value of `epfile` and attempts to free the already freed read buffer, causing a use-after-free condition. This can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.