Linux Kernel USB WDM Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's USB WDM (Wireless Data Modem) subsystem. This issue arises from a timing conflict between the 'wdm_open' and 'wdm_wwan_port_stop' functions. The vulnerability allows for the possibility of opening a character device while its URBs (USB Request Blocks) are still in a corrupted state. The problem occurs because the action of clearing the 'WDM_WWAN_IN_USE' flag is not properly synchronized, leading to potential misuse of the device.

Impact

Exploitation of this vulnerability could lead to undefined behavior in the USB WDM subsystem, potentially allowing for the misuse of character devices in a corrupted state.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

3.5

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel USB WDM Race Condition Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating