Fixed
Created: Oct 22, 2025
Updated: Oct 26, 2025
Resolved Date: Oct 26, 2025
Found In Version: 10.21.20.1
Fix Version: 10.21.20.20
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]USB: gadget: Fix the memory leak in raw_gadget driver[EOL][EOL]Currently, increasing raw_dev->count happens before invoke the[EOL]raw_queue_event(), if the raw_queue_event() return error, invoke[EOL]raw_release() will not trigger the dev_free() to be called.[EOL][EOL][ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event[EOL][ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12[EOL][ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12[EOL][ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy[EOL][ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16[EOL][EOL]BUG: memory leak[EOL][EOL][<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076[EOL][<ffffffff8347eb55>] kmalloc include/linux/slab.h:582 [inline][EOL][<ffffffff8347eb55>] kzalloc include/linux/slab.h:703 [inline][EOL][<ffffffff8347eb55>] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline][EOL][<ffffffff8347eb55>] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385[EOL][<ffffffff827d1d09>] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165[EOL][EOL][<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076[EOL][<ffffffff8347cd2f>] kmalloc include/linux/slab.h:582 [inline][EOL][<ffffffff8347cd2f>] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460[EOL][<ffffffff8347dfe9>] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250[EOL][<ffffffff81685173>] vfs_ioctl fs/ioctl.c:51 [inline][EOL][EOL][<ffffffff8154bf94>] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076[EOL][<ffffffff833ecc6a>] kmalloc include/linux/slab.h:582 [inline][EOL][<ffffffff833ecc6a>] kzalloc include/linux/slab.h:703 [inline][EOL][<ffffffff833ecc6a>] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665[EOL][<ffffffff833e9132>] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196[EOL][<ffffffff8347f13d>] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292[EOL][EOL]This commit therefore invoke kref_get() under the condition that[EOL]raw_queue_event() return success.
