Description
In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc->length update can be reordered before the memmove. If this happens, wdm_read() can see the new length and call copy_to_user() on uninitialized memory. This also violates LKMM data race rules [1]. Fix it by using WRITE_ONCE and memory barriers.
Product status
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 638328ca9c17ae6511ad62198c57bae32ffa3c91
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 170e8daca24da6edb4be82ab01abf44e87af387b
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before c8fa96ed021923dae147bcd9f9205b8df7b82360
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 4ee3062bf2c9a722afef429826e8607eaf3fc6a0
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 276aef0fd2b92f41b920ac891c72cadeee957934
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 67ed312124bb1b61858778ac0b985b48961c862a
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before e3c874b05901dc519054b5107d16620e6d2b5fea
afba937e540c902c989cd516fd97ea0c8499bb27 (git) before 8df672bfe3ec2268c2636584202755898e547173
2.6.26
Any version before 2.6.26
5.10.253 (semver)
5.15.203 (semver)
6.1.167 (semver)
6.6.130 (semver)
6.12.78 (semver)
6.18.19 (semver)
6.19.9 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/638328ca9c17ae6511ad62198c57bae32ffa3c91
git.kernel.org/...c/170e8daca24da6edb4be82ab01abf44e87af387b
git.kernel.org/...c/c8fa96ed021923dae147bcd9f9205b8df7b82360
git.kernel.org/...c/4ee3062bf2c9a722afef429826e8607eaf3fc6a0
git.kernel.org/...c/276aef0fd2b92f41b920ac891c72cadeee957934
git.kernel.org/...c/67ed312124bb1b61858778ac0b985b48961c862a
git.kernel.org/...c/e3c874b05901dc519054b5107d16620e6d2b5fea
git.kernel.org/...c/8df672bfe3ec2268c2636584202755898e547173