CVE-2023-54159

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the USB MTU3 subsystem. A kernel panic can occur when handling QMU transfer interrupts due to a race condition involving locking and unlocking of the mtu->lock. Specifically, if a disconnect event occurs concurrently with QMU transfer interrupt handling, a NULL pointer dereference can occur when accessing a QMU ring, leading to a kernel panic. The issue arises when the mtu->lock is unlocked before a request is returned, and another thread attempts to disable an endpoint, potentially freeing the QMU ring before the interrupt handler completes. The problem is mitigated by checking the validity of the gpd (Global Pointer Descriptor) before handling it. The scenario involves the qmu done tx() function and the mtu3 requ complete() and mtu3 gadget ep disable() functions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.