Linux Kernel USB Gadget Double Free Vulnerability in f_tcm Gadget

Vulnerability

A vulnerability in the Linux kernel's USB gadget subsystem, specifically in the f_tcm gadget, has been addressed. The issue was improper management of command memory: the command was freed prematurely, before the status completion of the sense status. This could lead to a double free of the command, potentially causing memory corruption.
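
The ordering problem described above, as an added example that is not the kernel's f_tcm code: a user-space C model in which each release is only recorded, so a second release of the same command can be counted safely. All names are hypothetical, and the model assumes the status completion handler is what releases the command.

```c
#include <stdio.h>
/* Hypothetical user-space model; names are illustrative, not the f_tcm driver's. */
enum state { LIVE, FREED };
struct cmd { enum state state; int double_frees; };
struct request { struct cmd *cmd; void (*complete)(struct request *req); };
/* Stand-in for kfree(): records the release instead of touching a real heap. */
static void cmd_release(struct cmd *c)
{
    if (c->state == FREED)
        c->double_frees++;   /* second release of the same command */
    c->state = FREED;
}

/* Status completion for the sense status: last user of the command (assumed). */
static void sense_status_complete(struct request *req)
{
    cmd_release(req->cmd);
}

/* Flawed ordering: the submit path releases without waiting for completion. */
static void send_sense_premature(struct request *req, struct cmd *c)
{
    req->cmd = c;
    req->complete = sense_status_complete;
    cmd_release(c);
}

/* Corrected ordering: the completion handler performs the only release. */
static void send_sense_deferred(struct request *req, struct cmd *c)
{
    req->cmd = c;
    req->complete = sense_status_complete;
}

/* Queue the status, then run the completion as the USB controller would. */
static int count_double_frees(void (*send)(struct request *, struct cmd *))
{
    struct cmd c = { LIVE, 0 };
    struct request req = { 0 };
    send(&req, &c);
    req.complete(&req);
    return c.double_frees;
}
int main(void)
{
    printf("premature=%d deferred=%d\n", count_double_frees(send_sense_premature),
           count_double_frees(send_sense_deferred));
    return 0;
}
```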

Impact

Exploitation of this vulnerability could lead to memory corruption through the double free condition, which can be used to manipulate memory management and potentially execute arbitrary code.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.