{"id":"AZL-54868","summary":"CVE-2024-56670 affecting package kernel for versions less than 6.6.76.1-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer\n\nConsidering that in some extreme cases,\nwhen u_serial driver is accessed by multiple threads,\nThread A is executing the open operation and calling the gs_open,\nThread B is executing the disconnect operation and calling the\ngserial_disconnect function,The port-\u003eport_usb pointer will be set to NULL.\n\nE.g.\n    Thread A                                 Thread B\n    gs_open()                                gadget_unbind_driver()\n    gs_start_io()                            composite_disconnect()\n    gs_start_rx()                            gserial_disconnect()\n    ...                                      ...\n    spin_unlock(&port-\u003eport_lock)\n    status = usb_ep_queue()                  spin_lock(&port-\u003eport_lock)\n    spin_lock(&port-\u003eport_lock)              port-\u003eport_usb = NULL\n    gs_free_requests(port-\u003eport_usb-\u003ein)     spin_unlock(&port-\u003eport_lock)\n    Crash\n\nThis causes thread A to access a null pointer (port-\u003eport_usb is null)\nwhen calling the gs_free_requests function, causing a crash.\n\nIf port_usb is NULL, the release request will be skipped as it\nwill be done by gserial_disconnect.\n\nSo add a null pointer check to gs_start_io before attempting\nto access the value of the pointer port-\u003eport_usb.\n\nCall trace:\n gs_start_io+0x164/0x25c\n gs_open+0x108/0x13c\n tty_open+0x314/0x638\n chrdev_open+0x1b8/0x258\n do_dentry_open+0x2c4/0x700\n vfs_open+0x2c/0x3c\n path_openat+0xa64/0xc60\n do_filp_open+0xb8/0x164\n do_sys_openat2+0x84/0xf0\n __arm64_sys_openat+0x70/0x9c\n invoke_syscall+0x58/0x114\n el0_svc_common+0x80/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x38/0x68","modified":"2026-04-01T05:18:25.225008Z","published":"2024-12-27T15:15:26Z","upstream":["CVE-2024-56670"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56670"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.76.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-54868.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}