Wind River Support Network

HomeDefectsLIN1019-11097
Not to be fixed

LIN1019-11097 : Security Advisory - linux - CVE-2021-46930

Created: Feb 27, 2024    Updated: Mar 19, 2024
Resolved Date: Mar 19, 2024
Found In Version: 10.19.45.1
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: mtu3: fix list_head check warning

This is caused by uninitialization of list_head.

BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4

Call trace:
dump_backtrace+0x0/0x298
show_stack+0x24/0x34
dump_stack+0x130/0x1a8
print_address_description+0x88/0x56c
__kasan_report+0x1b8/0x2a0
kasan_report+0x14/0x20
__asan_load8+0x9c/0xa0
__list_del_entry_valid+0x34/0xe4
mtu3_req_complete+0x4c/0x300 mtu3]
mtu3_gadget_stop+0x168/0x448 [mtu3]
usb_gadget_unregister_driver+0x204/0x3a0
unregister_gadget_item+0x44/0xa4

CREATE(Triage):(User=admin) [CVE-2021-46930 (https://nvd.nist.gov/vuln/detail/CVE-2021-46930)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube