PT-2024-29740 · Linux+6 · Linux Kernel+6

Meng Li · Published 2024-06-18 · Updated 2025-09-29 · CVE-2024-42085

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A deadlock occurs in the Linux kernel when CONFIG_USB_DWC3_DUAL_ROLE is selected and the system is made to enter suspend with the command echo mem > /sys/power/state. The issue is exposed by a commit that removes the code checking whether dwc->gadget_driver is NULL, which causes a deadlock when trying to take the spinlock. The root cause is another commit that forgot to remove the lock of OTG mode during gadget suspend/resume. The invoking path runs through dwc3_suspend_common(), dwc3_gadget_suspend(dwc), and dwc3_gadget_soft_disconnect(dwc), with spin_lock_irqsave(&dwc->lock, flags) being called twice along the way, which leads to the deadlock.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
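The double acquisition in the description can be reproduced in a user-space model. This is an added example, not kernel source: every model_* name is hypothetical, an atomic flag stands in for dwc->lock, and placing the second acquisition in the soft-disconnect step is an assumption based on the call path listed above.

```c
/* User-space model of the locking bug described above; not kernel code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

struct model_dwc3 {
    atomic_flag lock;   /* stands in for dwc->lock, a non-recursive spinlock */
    int self_deadlocks; /* acquisitions attempted while the lock was already held */
};

/* The kernel's spin_lock_irqsave() would spin forever here; the model records it. */
static bool model_spin_lock(struct model_dwc3 *dwc)
{
    if (atomic_flag_test_and_set(&dwc->lock)) {
        dwc->self_deadlocks++;
        return false;
    }
    return true;
}

static void model_spin_unlock(struct model_dwc3 *dwc) { atomic_flag_clear(&dwc->lock); }

/* Assumption: the second acquisition happens in this step of the call path. */
static void model_gadget_soft_disconnect(struct model_dwc3 *dwc)
{
    if (model_spin_lock(dwc))
        model_spin_unlock(dwc);
}

static void model_gadget_suspend(struct model_dwc3 *dwc) { model_gadget_soft_disconnect(dwc); }

/* otg_path_locks = true: the caller still wraps the gadget suspend in the lock. */
int model_suspend_common(bool otg_path_locks)
{
    struct model_dwc3 dwc = { ATOMIC_FLAG_INIT, 0 };
    if (otg_path_locks)
        model_spin_lock(&dwc);
    model_gadget_suspend(&dwc);
    if (otg_path_locks)
        model_spin_unlock(&dwc);
    return dwc.self_deadlocks;
}

int main(void)
{
    printf("lock kept in OTG path:    %d self-deadlock(s)\n", model_suspend_common(true));
    printf("lock removed in OTG path: %d self-deadlock(s)\n", model_suspend_common(false));
    return 0;
}
```

In the kernel the failed acquisition does not return: the CPU spins on a lock it already holds, so the suspend request never completes.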

Exploit

NULL Pointer Dereference

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-13979
ALT-PU-2024-14046
BDU:2025-02554
CVE-2024-42085
DLA-4008-1
OESA-2024-2076
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu