Linux Kernel USB Gadget Function EEM Net Device Lifecycle Management Vulnerability

A vulnerability in the Linux kernel's USB gadget function implementation for Ethernet Emulation Model (EEM) has been addressed. The issue arose because the net_device was created during the function instance initialization and registered under the gadget device's sysfs parent during the binding phase. When the function was unbound, the parent device was removed, but the net_device remained, leading to broken sysfs symlinks. This vulnerability affected the net_device lifecycle management, causing improper sysfs topology and power management sequencing.

Impact

The vulnerability could lead to dangling sysfs symlinks, causing confusion and potential issues with device management and power sequencing.

Reproduction

The vulnerability can be reproduced by binding a USB gadget function that uses the EEM model. After the function is unbound, the net_device remains registered, but its sysfs link to the gadget is broken, creating a dangling symlink that points to a non-existent directory.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version of the stable kernel to address this issue.