
CVE-2024-57913: Vulnerability in Linux Linux

Medium
Published: Sun Jan 19 2025 (01/19/2025, 11:52:35 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

This commit addresses an issue related to the kernel panic below, where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionfs_bind, which easily leads to the following scenarios.

1. adb_write in adbd

    ->usb_ffs_open_thread()
    ->open_functionfs()
    ->adb_open()
    ->adb_write()
    ->StartMonitor()
    ->adb_read()
    <times-out without BIND event>
    ->open_functionfs()
    ->adb_open()

2. UDC write via configfs

    ->UDC write
    ->configfs_write_iter()
    ->gadget_dev_desc_UDC_store()
    ->usb_gadget_register_driver_owner
    ->driver_register()
    ->bus_add_driver()
    ->gadget_bind_driver()
    ->configfs_composite_bind()
    ->usb_add_function()
    ->ffs_func_bind()
    ->functionfs_bind()
    <ffs->state !=FFS_ACTIVE>

The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled.

This commit fixes the kernel panic by removing the unnecessary WARN_ON.

    Kernel panic - not syncing: kernel: panic_on_warn set ...
    [ 14.542395] Call trace:
    [ 14.542464] ffs_func_bind+0x1c8/0x14a8
    [ 14.542468] usb_add_function+0xcc/0x1f0
    [ 14.542473] configfs_composite_bind+0x468/0x588
    [ 14.542478] gadget_bind_driver+0x108/0x27c
    [ 14.542483] really_probe+0x190/0x374
    [ 14.542488] __driver_probe_device+0xa0/0x12c
    [ 14.542492] driver_probe_device+0x3c/0x220
    [ 14.542498] __driver_attach+0x11c/0x1fc
    [ 14.542502] bus_for_each_dev+0x104/0x160
    [ 14.542506] driver_attach+0x24/0x34
    [ 14.542510] bus_add_driver+0x154/0x270
    [ 14.542514] driver_register+0x68/0x104
    [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4
    [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144
    [ 14.542526] configfs_write_iter+0xf0/0x138

AI-Powered Analysis

Last updated: 06/28/2025, 08:55:39 UTC

Technical Analysis

CVE-2024-57913 is a vulnerability in the Linux kernel's USB gadget subsystem, specifically within the FunctionFS (functionfs) driver. The issue arises from the use of WARN_ON in the functionfs_bind() function, which triggers a kernel panic when the kernel parameter panic_on_warn is enabled.

The root cause is a race condition between two paths: the adb_open, adb_read and adb_write operations invoked by the adbd daemon, and a UDC (USB Device Controller) write via configfs, which is the path that binds the USB function. When the bind runs while the FunctionFS instance is in an unexpected state (ffs->state != FFS_ACTIVE), the WARN_ON fires. With panic_on_warn set, this results in a kernel panic with the message "Kernel panic - not syncing: kernel: panic_on_warn set ..." and a call trace that runs from configfs_write_iter through usb_add_function to ffs_func_bind.

The vulnerability does not appear to allow direct code execution or privilege escalation but causes a denial of service (DoS) by crashing the kernel. The patch removes the unnecessary WARN_ON, so the race no longer ends in a panic. The affected versions are identified by a specific commit hash, indicating the issue is present in certain Linux kernel versions prior to the fix. No known exploits are reported in the wild as of the publication date.

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems that utilize the USB gadget FunctionFS driver, particularly in environments where panic_on_warn is enabled (often in development, embedded, or specialized systems). Systems that rely on USB gadget functionality for device emulation, testing, or embedded USB device roles could experience unexpected kernel panics, leading to system crashes and potential downtime. This can disrupt critical services, especially in industrial control systems, telecommunications, or IoT deployments common in sectors like manufacturing, healthcare, and transportation across Europe. While the vulnerability does not directly expose data or allow remote code execution, the resulting instability could be exploited to cause operational disruptions. Organizations with Linux-based embedded devices or servers that handle USB gadget configurations should be particularly vigilant. The impact is more pronounced in environments where system availability is critical and where kernel panic recovery is not automated or rapid.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Apply the official Linux kernel patches that remove the WARN_ON in functionfs_bind as soon as they are available and tested.
2) Review and update Linux kernel versions to those that include the fix for CVE-2024-57913.
3) Disable or avoid enabling panic_on_warn in production environments unless necessary, as this setting exacerbates the impact of this issue.
4) Monitor USB gadget usage and configurations, especially those involving FunctionFS and configfs, to detect unusual or concurrent binding attempts that could trigger the race condition.
5) Implement robust system monitoring and automated recovery mechanisms to handle unexpected kernel panics, minimizing downtime.
6) For embedded and IoT devices, coordinate with vendors to ensure firmware/kernel updates include this fix.
7) Conduct thorough testing of USB gadget functionality after patching to confirm stability and absence of regressions.

These steps go beyond generic advice by focusing on configuration management, kernel version control, and operational readiness specific to the USB gadget subsystem.
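For recommendations 3 and 4, a host can be checked for the two conditions the description combines: FunctionFS in use and panic_on_warn set. The script below is an added example, not code from the advisory or the kernel project; it assumes the standard procfs and configfs paths and the `functionfs` filesystem type, and its function names and the `ROOT` variable (a prefix for auditing a copied tree) are illustrative.

```sh
#!/bin/sh
# Added example: report whether this host matches the conditions the advisory describes.
# Each function takes a root prefix ("" = live system) so a copied tree can be audited.
# It does not tell whether the running kernel already carries the fix.

panic_on_warn_enabled() {
    f="$1/proc/sys/kernel/panic_on_warn"
    [ -r "$f" ] && [ "$(cat "$f")" != "0" ]
}

functionfs_mounted() {
    [ -r "$1/proc/mounts" ] || return 1
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev _mnt fstype _rest; do
        [ "$fstype" = "functionfs" ] && return 0
    done < "$1/proc/mounts"
    return 1
}

ffs_gadgets() {
    # One line per FunctionFS instance (functions/ffs.<name>) in a configfs gadget,
    # with the UDC the gadget is bound to, if any.
    for g in "$1"/sys/kernel/config/usb_gadget/*; do
        [ -d "$g/functions" ] || continue
        for fn in "$g"/functions/ffs.*; do
            [ -d "$fn" ] || continue
            udc=$(cat "$g/UDC" 2>/dev/null || true)
            echo "$(basename "$g") $(basename "$fn") udc=${udc:-unbound}"
        done
    done
}

assess() {
    gadgets=$(ffs_gadgets "$1")
    if [ -z "$gadgets" ] && ! functionfs_mounted "$1"; then
        echo "not-in-use"      # FunctionFS neither mounted nor configured
    elif panic_on_warn_enabled "$1"; then
        echo "exposed"         # a WARN_ON in the bind path would panic the kernel
    else
        echo "warn-only"       # a WARN_ON would log a backtrace but not panic
    fi
}

assess "${ROOT:-}"
ffs_gadgets "${ROOT:-}"
```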


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-19T11:50:08.374Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbdea1f

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 8:55:39 AM

Last updated: 8/5/2025, 6:55:37 PM
