CVE-2024-46675
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/09/2024
Last modified:
13/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
usb: dwc3: core: Prevent USB core invalid event buffer address access<br />
<br />
This commit addresses an issue where the USB core could access an<br />
invalid event buffer address during runtime suspend, potentially causing<br />
SMMU faults and other memory issues in Exynos platforms. The problem<br />
arises from the following sequence.<br />
1. In dwc3_gadget_suspend, there is a chance of a timeout when<br />
moving the USB core to the halt state after clearing the<br />
run/stop bit by software.<br />
2. In dwc3_core_exit, the event buffer is cleared regardless of<br />
the USB core&#39;s status, which may lead to an SMMU faults and<br />
other memory issues. if the USB core tries to access the event<br />
buffer address.<br />
<br />
To prevent this hardware quirk on Exynos platforms, this commit ensures<br />
that the event buffer address is not cleared by software when the USB<br />
core is active during runtime suspend by checking its status before<br />
clearing the buffer address.
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93
- https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9
- https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b
- https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab
- https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f
- https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914
- https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72
- https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f