From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2D9E3E4C62 for ; Fri, 8 May 2026 13:37:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778247457; cv=none; b=ifJgfcioaSLemAp7xPg45wH2f45KsSHjwn8QmZNzKTGmGVX+nJIhmvVqxiDCiqmbSOCj9P6cZlGYG0pE6Y2ZWPTiwFoVBqRsLEbkZBsz8r78CQiQp3mkR8YDt1mipJyNryE9D0ckmGRNTqV/1SgsUdLjBdf78ISPSa233en1yL4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778247457; c=relaxed/simple; bh=2K+aAlK7bs9XgaUKYU7B9XiAelr1BcxMMff8w3qQNag=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=gL25nAlEcH3rhB6O3qYoB8TthlEDG249mHujCfUcXikmNc+u/3SW8ePppVazlcfEW065GyITwMlye2zW/XfavCyAFeQmLEBvVZ3lA+UQeMx0JfC1Li74GWQ+yXh9mME1PQeHdAzuwVdLhq0LdVRZnb8qAfd6neJj3srlnx1/vt0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=Esy+IfsG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="Esy+IfsG" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40ED2C2BCB0; Fri, 8 May 2026 13:37:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778247456; bh=2K+aAlK7bs9XgaUKYU7B9XiAelr1BcxMMff8w3qQNag=; h=From:To:Cc:Subject:Date:Reply-To:From; b=Esy+IfsGnHYhjYkHxlBIvA57UOZBPdqmt5+VgA/2afHozPVtC7IcKHd87Cw4JePjd FJg9yFOX3utSPg4bNNChEbHVF10kZ71Ehslul4Sq9LoVZyWQb0C+4zQ8XTZj7tsujQ VqPQsMJMLsE62L7fmZB0UvdWvXAChOFCsAgI3M/w= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2026-43342: usb: gadget: f_rndis: Protect RNDIS options with mutex Date: Fri, 8 May 2026 15:37:25 +0200 Message-ID: <2026050824-CVE-2026-43342-fd03@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3376; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=dTc096zo8Jyt8Bvf64eQHCcJLdNPDNvCNG44zCV1r6M=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/n4uEmBv+m/tYJ0d398fzoff/HE7bUWyRyZr7p/7P0 0fftpss7YhlYRBkYpAVU2T5so3n6P6KQ4pehranYeawMoEMYeDiFICJXHrJMIf37ZntwU6iMyNm rAlQmKvIYanG/JZhDjdHy+dFQXs/Fq/2e6mdPTU5jfddHAA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This issue was identified during code inspection. The Linux kernel CVE team has assigned CVE-2026-43342 to this issue. Affected and fixed versions =========================== Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 5.10.253 with commit 0a75d97c53477a59c0aa1c65f69038c719f9c5b8 Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 5.15.203 with commit c1b3d5b0acb194efe20fc5864ee03439fa7bd45c Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.1.168 with commit 65b7dbf80a1627667c241fff7c1c224f3118014f Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.6.134 with commit cb5316b37288ab8791584e32f114c4f41ad45b67 Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.12.81 with commit 7d8fa3b8783ab95a46e20d97fbeeede719b2efda Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.18.22 with commit 446f1842cda929c40d4697722bfdcfb334bc9692 Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 6.19.12 with commit 209decd3f7901df9842b83f2540dc8685e344a07 Issue introduced in 4.14 with commit 73517cf49bd449122b615d2b7a6bb835f02252e5 and fixed in 7.0 with commit 8d8c68b1fc06ece60cf43e1306ff0f4ac121547e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-43342 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/gadget/function/f_rndis.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8 https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67 https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692 https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07 https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e