Linux Kernel Net Device Lifecycle Management Vulnerability in USB Gadget Function

Vulnerability

A vulnerability exists in the Linux kernel's USB gadget function handling, specifically within the 'f_subset' driver. The issue arises in the lifecycle management of network devices (net_device) associated with USB functions. When a USB function is unbound, its parent device is destroyed, but the net_device remains, leaving dangling symlinks in sysfs. This mismanagement can cause issues with device recognition and sysfs topology. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to improper management of network devices in sysfs, causing dangling symlinks and potential issues with device recognition and power management.

Reproduction

The vulnerability can be reproduced by binding a USB function using the 'f_subset' driver, which creates a net_device linked to the gadget device. Upon unbinding the function, the gadget device is destroyed, but the net_device persists, leaving a dangling symlink in sysfs that points to a non-existent device.
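
A check for the symptom described above, as an added example that is not part of the original advisory or of the kernel fix: it lists interfaces under /sys/class/net whose class entry, or whose `device` link, is a symlink to a path that no longer exists. The function name and the choice of these two links are assumptions; the advisory does not say which sysfs link dangles.

```shell
#!/bin/sh
# Added example (not kernel or advisory code).
# find_dangling_netdev_links [SYSFS_ROOT]
#   SYSFS_ROOT defaults to /sys; pass another directory to scan a copy
#   or a constructed tree.
#   Prints one line per interface with a dangling sysfs link.
#   Returns 0 if no dangling link was found, 1 otherwise.
find_dangling_netdev_links() {
    sysfs_root=${1:-/sys}
    found=0
    for entry in "$sysfs_root"/class/net/*; do
        # -L is true for any symlink, even a broken one; -e follows the
        # link, so "-L and not -e" means the target is gone.
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf '%s: class link dangling -> %s\n' \
                "${entry##*/}" "$(readlink "$entry")"
            found=1
            continue
        fi
        # Skip the literal pattern when the glob matched nothing.
        [ -e "$entry" ] || continue
        # The "device" link points at the parent device of the netdev.
        dev_link=$entry/device
        if [ -L "$dev_link" ] && [ ! -e "$dev_link" ]; then
            printf '%s: device link dangling -> %s\n' \
                "${entry##*/}" "$(readlink "$dev_link")"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}
```

Running it with no argument after an unbind scans the live /sys; an empty result with exit status 0 means no interface has a broken class or parent link.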

Remediation

The vulnerability has been addressed by modifying the 'f_subset' driver to use the 'device_move()' function. This change reparents the net_device between the gadget device tree and the virtual device tree during the bind and unbind cycles, ensuring proper sysfs topology and power management. Users should update to the latest version of the Linux kernel where this fix has been applied.

Added: May 1, 2026, 5:02 PM
Updated: May 1, 2026, 5:02 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.