CVE-2024-36894
📋 TL;DR
A race condition in the Linux kernel's USB gadget FunctionFS subsystem allows concurrent access to freed memory pointers when AIO cancellation occurs during USB soft disconnects. This affects systems using USB gadget functionality with FunctionFS, potentially leading to kernel crashes or instability. The vulnerability requires local access to the affected USB gadget interface.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, with potential for privilege escalation if combined with other vulnerabilities.
Likely Case
System instability, USB gadget functionality failures, or application crashes when USB disconnects occur during active AIO operations.
If Mitigated
Minimal impact if proper access controls prevent unauthorized users from accessing USB gadget interfaces.
🎯 Exploit Status
Exploitation requires local access and specific timing conditions during USB soft disconnects. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel commits: 24729b307eefcd7c476065cd7351c1a018082c19, 3613e5023f09b3308545e9d1acda86017ebd418a, 73c05ad46bb4fbbdb346004651576d1c8dbcffbb, 9e72ef59cbe61cd1243857a6418ca92104275867, a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14
Vendor Advisory: https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix commits. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable USB gadget FunctionFS
linuxDisable the vulnerable USB gadget FunctionFS subsystem if not required
modprobe -r g_ffs
echo 'blacklist g_ffs' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict access to USB gadget interfaces to trusted users only
- Monitor system logs for USB gadget-related crashes or instability
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if g_ffs module is loaded: lsmod | grep g_ffsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test USB gadget functionality📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- USB gadget-related errors in dmesg
- System crashes during USB disconnects
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for kernel panic logs or USB gadget error messages in system logs🔗 References
- https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19
- https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a
- https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb
- https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867
- https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14
- https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4
- https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd
- https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311
- https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19
- https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a
- https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb
- https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867
- https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14
- https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4
- https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd
- https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
