References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: gadget: fix NULL pointer dereference in ep_queue

When the gadget endpoint is disabled or not yet configured, the ep->desc
pointer can be NULL. This leads to a NULL pointer dereference when
__cdns3_gadget_ep_queue() is called, causing a kernel crash.

Add a check to return -ESHUTDOWN if ep->desc is NULL, which is the
standard return code for unconfigured endpoints.

This prevents potential crashes when ep_queue is called on endpoints
that are not ready.

https://git.kernel.org/stable/c/14bf08ab2cdfcdfd3f13e799d06692a1b3e0745f

https://git.kernel.org/stable/c/390536cc6af4ca5566bc3bf1f8b704700380cd2c

https://git.kernel.org/stable/c/3d1433fe34b224b90259e207e5389e95b504ef04

https://git.kernel.org/stable/c/7f6f127b9bc34bed35f56faf7ecb1561d6b39000

https://git.kernel.org/stable/c/9ab9b0e5fcdac325f950fc8b6caa08a9e22a0db9

https://git.kernel.org/stable/c/d61446dfc9d387775bb1b95b081953201b9222af

https://git.kernel.org/stable/c/fb2ad0c1334a3eccfe4ed203f9eef5a4879226f6