Primary

Context

Linux Kernel NULL Pointer Dereference Vulnerability in USB Gadget Driver

Vulnerability

A vulnerability in the Linux kernel's USB gadget driver can lead to a NULL pointer dereference. This issue arises because the driver improperly resets the 'bus' entry of the gadget's driver, interfering with the gadget subsystem's new bus management. The vulnerability has been observed in the 'dwc2' USB gadget driver on ARM architectures, particularly in Samsung Exynos devices, with the issue triggered during the module loading process.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by loading the 'dwc2' USB gadget driver module using 'modprobe'. This process will trigger the NULL pointer dereference error, causing an 'Oops' kernel error, which indicates a serious issue that the kernel was unable to handle gracefully.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in USB Gadget Driver

Vulnerability

Impact

Reproduction

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating