CVE-2021-47272

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A possible scenario exists where dwc3 gadget init() can fail during a host to peripheral mode switch in dwc3 set mode(), and a pending gadget driver fails to bind. If the DRD undergoes another mode switch from peripheral to host, dwc3 gadget exit() will attempt to reference an invalid and dangling dwc->gadget pointer and call dma free coherent() on unmapped DMA pointers. The issue can be reproduced by starting DWC3 in peripheral mode, configuring ConfigFS gadget with FunctionFS instance, running FunctionFS userspace application, binding gadget driver to DWC3's UDC, switching to host mode, stopping FunctionFS application, switching to peripheral mode, and then back to host mode. Although userspace should ensure the FunctionFS application is ready before allowing the composite driver to bind to the UDC, failure to do so should not result in a panic from the kernel driver.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.