Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycle with device_move") reparents the gadget device to /sys/devices/virtual during unbind, clearing the gadget pointer. If the userspace tool queries on the surviving interface during this detached window, this leads to a NULL pointer dereference. Unable to handle kernel NULL pointer dereference Call trace: eth_get_drvinfo+0x50/0x90 ethtool_get_drvinfo+0x5c/0x1f0 __dev_ethtool+0xaec/0x1fe0 dev_ethtool+0x134/0x2e0 dev_ioctl+0x338/0x560 Add a NULL check for dev->gadget in eth_get_drvinfo(). When detached, skip copying the fw_version and bus_info strings, which is natively handled by ethtool_get_drvinfo for empty strings.
Product status
93f116c3393a22acab96ad1bef12b2572eb80ca4 (git) before 0326429e8ba99892e1d1e115dc8e88e1a3b64e24
e584cb58a2ea7ff4d3a4bc43d5ca512ed3ecb77d (git) before a36e5e800b9c93e3e1ffa42f34d38b36775dbcee
85acaba2f42b557499bab3608307f17bf13beb69 (git) before 7de4d46be40738c7e48e64b5cc0a34aa1e047b0a
ec35c1969650e7cb6c8a91020e568ed46e3551b0 (git) before e002e92e88e12457373ed096b18716d97e7bbb20
6.12.78 (semver) before 6.12.81
6.18.19 (semver) before 6.18.22
6.19.9 (semver) before 6.19.12
References
git.kernel.org/...c/0326429e8ba99892e1d1e115dc8e88e1a3b64e24
git.kernel.org/...c/a36e5e800b9c93e3e1ffa42f34d38b36775dbcee
git.kernel.org/...c/7de4d46be40738c7e48e64b5cc0a34aa1e047b0a
git.kernel.org/...c/e002e92e88e12457373ed096b18716d97e7bbb20