1195905 – (CVE-2022-24958) VUL-0: CVE-2022-24958: kernel-source,kernel-source-rt,kernel-source-azure: use-after-free in dev->buf release in drivers/usb/gadget/legacy/inode.c

Bug 1195905 (CVE-2022-24958) - VUL-0: CVE-2022-24958: kernel-source,kernel-source-rt,kernel-source-azure: use-after-free in dev->buf release in drivers/usb/gadget/legacy/inode.c

Summary: VUL-0: CVE-2022-24958: kernel-source,kernel-source-rt,kernel-source-azure: us...

Status:	RESOLVED FIXED

Alias:	CVE-2022-24958

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/323537/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2022-02-14 12:16 UTC by Carlos López
Modified:	2024-06-25 16:37 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carlos López 2022-02-14 12:16:45 UTC

rh#2053548

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

References and upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=501e38a5531efbd77d5c73c0ba838a889bfc1d74
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2053548
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24958
https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda
https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74
http://www.cvedetails.com/cve/CVE-2022-24958/
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda

Comment 1 Carlos López 2022-02-14 12:17:35 UTC

The following branches contain the vulnerable code:
 - stable
 - SLE15-SP4-GA
 - cve/linux-5.3
 - cve/linux-4.12
 - cve/linux-4.4
 - cve/linux-3.0
 - cve/linux-2.6.32

However, I only see CONFIG_USB_GADGET enabled in a few defconfigs under arch/powerpc/configs/, so I'm not sure if this affects us.

Comment 2 Takashi Iwai 2022-02-14 15:09:33 UTC

The gadget driver is enabled since SLE15-SP3 for Leap integration, and also on TW.  Hence the older SLE kernels are unaffected.

Comment 3 Takashi Iwai 2022-02-14 15:23:53 UTC

The was backported to SLE15-SP4-GA, cve/linux-5.3 and stable branches.

Reassigned back to security team.

Comment 11 Swamp Workflow Management 2022-03-08 23:31:46 UTC

SUSE-SU-2022:0759-1: An update that solves 14 vulnerabilities, contains one feature and has 12 fixes is now available.

Category: security (important)
Bug References: 1189126,1191580,1192483,1194516,1195254,1195286,1195516,1195543,1195612,1195701,1195897,1195905,1195908,1195947,1195949,1195987,1195995,1196079,1196095,1196132,1196155,1196235,1196584,1196601,1196612,1196776
CVE References: CVE-2021-44879,CVE-2022-0001,CVE-2022-0002,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0847,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375
JIRA References: SLE-23652
Sources used:
SUSE Manager Server 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Manager Retail Branch Server 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Manager Proxy 4.1 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src):    kernel-default-5.3.18-24.107.1, kernel-livepatch-SLE15-SP2_Update_25-1-5.5.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1
SUSE Linux Enterprise High Availability 15-SP2 (src):    kernel-default-5.3.18-24.107.1
SUSE Enterprise Storage 7 (src):    kernel-default-5.3.18-24.107.1, kernel-default-base-5.3.18-24.107.1.9.50.2, kernel-docs-5.3.18-24.107.1, kernel-obs-build-5.3.18-24.107.1, kernel-preempt-5.3.18-24.107.1, kernel-source-5.3.18-24.107.1, kernel-syms-5.3.18-24.107.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 18 Swamp Workflow Management 2022-03-30 13:20:28 UTC

SUSE-SU-2022:1039-1: An update that solves 22 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.60.4, kernel-livepatch-SLE15-SP3_Update_16-1-150300.7.5.3
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.60.4
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.60.4, kernel-obs-build-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-syms-5.3.18-150300.59.60.4
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.60.4, kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-zfcpdump-5.3.18-150300.59.60.4
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.60.4

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 19 Swamp Workflow Management 2022-03-30 13:31:20 UTC

openSUSE-SU-2022:1039-1: An update that solves 22 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.60.4, kernel-64kb-5.3.18-150300.59.60.4, kernel-debug-5.3.18-150300.59.60.4, kernel-default-5.3.18-150300.59.60.4, kernel-default-base-5.3.18-150300.59.60.4.150300.18.37.5, kernel-docs-5.3.18-150300.59.60.4, kernel-kvmsmall-5.3.18-150300.59.60.4, kernel-obs-build-5.3.18-150300.59.60.4, kernel-obs-qa-5.3.18-150300.59.60.4, kernel-preempt-5.3.18-150300.59.60.4, kernel-source-5.3.18-150300.59.60.4, kernel-syms-5.3.18-150300.59.60.4, kernel-zfcpdump-5.3.18-150300.59.60.4

Comment 20 Swamp Workflow Management 2022-03-30 13:35:28 UTC

openSUSE-SU-2022:1037-1: An update that solves 12 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1195211,1195254,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196627,1196723,1196779,1196830,1196836,1196866,1196868
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-44879,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.50.1, kernel-source-azure-5.3.18-150300.38.50.1, kernel-syms-azure-5.3.18-150300.38.50.1

Comment 21 Swamp Workflow Management 2022-03-30 13:40:06 UTC

SUSE-SU-2022:1037-1: An update that solves 12 vulnerabilities and has 25 fixes is now available.

Category: security (important)
Bug References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1195211,1195254,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196627,1196723,1196779,1196830,1196836,1196866,1196868
CVE References: CVE-2021-0920,CVE-2021-39657,CVE-2021-44879,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.50.1, kernel-source-azure-5.3.18-150300.38.50.1, kernel-syms-azure-5.3.18-150300.38.50.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 23 Swamp Workflow Management 2022-04-19 13:23:46 UTC

SUSE-SU-2022:1257-1: An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available.

Category: security (important)
Bug References: 1179639,1189126,1189562,1193731,1194516,1194943,1195051,1195254,1195286,1195353,1195403,1195516,1195543,1195612,1195897,1195905,1195939,1195987,1196018,1196079,1196095,1196155,1196196,1196235,1196468,1196488,1196612,1196761,1196776,1196823,1196830,1196836,1196956,1197227,1197331,1197366,1197389,1197462,1197702,1198031,1198032,1198033
CVE References: CVE-2021-0920,CVE-2021-39698,CVE-2021-44879,CVE-2021-45868,CVE-2022-0487,CVE-2022-0492,CVE-2022-0516,CVE-2022-0617,CVE-2022-0644,CVE-2022-0850,CVE-2022-0854,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25375,CVE-2022-26490,CVE-2022-26966,CVE-2022-27666,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-28748
JIRA References: SLE-23652
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src):    kernel-rt-5.3.18-150200.79.2, kernel-rt_debug-5.3.18-150200.79.2, kernel-source-rt-5.3.18-150200.79.2, kernel-syms-rt-5.3.18-150200.79.1
SUSE Linux Enterprise Micro 5.0 (src):    kernel-rt-5.3.18-150200.79.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 29 Carlos López 2023-03-02 15:17:28 UTC

Released.