CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend<br /> <br /> In current scenario if Plug-out and Plug-In performed continuously<br /> there could be a chance while checking for dwc-&gt;gadget_driver in<br /> dwc3_gadget_suspend, a NULL pointer dereference may occur.<br /> <br /> Call Stack:<br /> <br /> CPU1: CPU2:<br /> gadget_unbind_driver dwc3_suspend_common<br /> dwc3_gadget_stop dwc3_gadget_suspend<br /> dwc3_disconnect_gadget<br /> <br /> CPU1 basically clears the variable and CPU2 checks the variable.<br /> Consider CPU1 is running and right before gadget_driver is cleared<br /> and in parallel CPU2 executes dwc3_gadget_suspend where it finds<br /> dwc-&gt;gadget_driver which is not NULL and resumes execution and then<br /> CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where<br /> it checks dwc-&gt;gadget_driver is already NULL because of which the<br /> NULL pointer deference occur.