PT-2025-3640 · Linux+1 · Linux Kernel+1

Published 2025-01-19 · Updated 2025-03-28 · CVE-2024-57915

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A vulnerability in the Linux kernel has been resolved. The issue occurs in the u_serial gadget: when the gserial_disconnect function clears gser->ioport, gadget reconfiguration is triggered, resulting in a null pointer access. To fix this, the endpoint (ep) is disabled before the port is set to null. The call trace includes functions such as gs_read_complete, usb_gadget_giveback_request, and dwc3_remove_requests.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the u_serial gadget until a patch is available. Restrict access to the vulnerable gs_read_complete function to minimize the risk of exploitation. Avoid using the gser->ioport variable in the affected gadget reconfiguration until the issue is resolved.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2024-57915
DSA-5860-1
MGASA-2025-0030
MGASA-2025-0032
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1

Affected Products

Linux Kernel
Suse