CVE-2024-57913
📋 TL;DR
A race condition vulnerability in the Linux kernel's USB gadget subsystem can cause kernel panic when panic_on_warn is enabled. This affects systems using USB gadget functions like Android Debug Bridge (ADB) or configfs USB configurations. The vulnerability is triggered by concurrent operations between user-space daemons and USB configuration processes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System crash or instability when USB gadget functions are actively used with panic_on_warn enabled.
If Mitigated
Minor performance impact or warning messages in kernel logs without panic_on_warn enabled.
🎯 Exploit Status
Exploitation requires specific race condition timing between USB gadget operations and local process access. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits: 19fc1c83454ca9d5699e39633ec79ce26355251c, 3e4d32cc145955d5c56c5498a3ff057e4aafa9d1, 82f60f3600aecd9ffcd0fbc4e193694511c85b47, a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2, bfe60030fcd976e3546e1f73d6d0eb3fea26442e
Vendor Advisory: https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable panic_on_warn
linuxPrevent kernel panic by disabling the panic_on_warn kernel parameter
echo 0 > /proc/sys/kernel/panic_on_warn
sysctl -w kernel.panic_on_warn=0
Disable USB gadget functions
linuxRemove or disable USB gadget configurations if not required
rmmod g_ffs
rmmod usb_f_fs
disable ADB or configfs USB gadget services
🧯 If You Can't Patch
- Disable panic_on_warn kernel parameter to prevent system crashes
- Restrict USB gadget configuration access to trusted users only
🔍 How to Verify
Check if Vulnerable:
Check if system uses USB gadget functions and has panic_on_warn enabled: cat /proc/sys/kernel/panic_on_warnCheck Version:
uname -rVerify Fix Applied:
Check kernel version includes fix commits: uname -r and verify with distribution patch notes📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'panic_on_warn'
- WARN_ON traces in kernel logs from ffs_func_bind
- USB gadget binding errors
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("panic_on_warn" OR "ffs_func_bind" OR "WARN_ON")🔗 References
- https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c
- https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1
- https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47
- https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2
- https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e
- https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699
- https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
