Fixed
Created: Oct 22, 2025
Updated: Oct 26, 2025
Resolved Date: Oct 26, 2025
Found In Version: 10.21.20.1
Fix Version: 10.21.20.17
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]usb: gadget: f_hid: fix f_hidg lifetime vs cdev[EOL][EOL]The embedded struct cdev does not have its lifetime correctly tied to[EOL]the enclosing struct f_hidg, so there is a use-after-free if /dev/hidgN[EOL]is held open while the gadget is deleted.[EOL][EOL]This can readily be replicated with libusbgx's example programs (for[EOL]conciseness - operating directly via configfs is equivalent):[EOL][EOL]\tgadget-hid[EOL]\texec 3<> /dev/hidg0[EOL]\tgadget-vid-pid-remove[EOL]\texec 3<&-[EOL][EOL]Pull the existing device up in to struct f_hidg and make use of the[EOL]cdev_device_{add,del}() helpers. This changes the lifetime of the[EOL]device object to match struct f_hidg, but note that it is still added[EOL]and deleted at the same time.
