* CVE-2026-43342: usb: gadget: f_rndis: Protect RNDIS options with mutex
@ 2026-05-08 13:37 Greg Kroah-Hartman
0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2026-05-08 13:37 UTC (permalink / raw)
To: linux-cve-announce; +Cc: Greg Kroah-Hartman
From: Greg Kroah-Hartman <gregkh@kernel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_rndis: Protect RNDIS options with mutex
The class/subclass/protocol options are suspectible to race conditions
as they can be accessed concurrently through configfs.
Use existing mutex to protect these options. This issue was identified
during code inspection.
The Linux kernel CVE team has assigned CVE-2026-43342 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 5.10.253 with commit 0a75d97c53477a59c0aa1c65f69038c719f9c5b8
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 5.15.203 with commit c1b3d5b0acb194efe20fc5864ee03439fa7bd45c
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.1.168 with commit 65b7dbf80a1627667c241fff7c1c224f3118014f
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.6.134 with commit cb5316b37288ab8791584e32f114c4f41ad45b67
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.12.81 with commit 7d8fa3b8783ab95a46e20d97fbeeede719b2efda
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.18.22 with commit 446f1842cda929c40d4697722bfdcfb334bc9692
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.19.12 with commit 209decd3f7901df9842b83f2540dc8685e344a07
Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 7.0 with commit 8d8c68b1fc06ece60cf43e1306ff0f4ac121547e
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2026-43342
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/usb/gadget/function/f_rndis.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8
https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c
https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f
https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67
https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda
https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692
https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07
https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-08 13:37 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-08 13:37 CVE-2026-43342: usb: gadget: f_rndis: Protect RNDIS options with mutex Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox