{"id":"CVE-2024-57913","summary":"usb: gadget: f_fs: Remove WARN_ON in functionfs_bind","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Remove WARN_ON in functionfs_bind\n\nThis commit addresses an issue related to below kernel panic where\npanic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON\nin functionsfs_bind, which easily leads to the following scenarios.\n\n1.adb_write in adbd               2. UDC write via configfs\n  =================\t             =====================\n\n-\u003eusb_ffs_open_thread()           -\u003eUDC write\n -\u003eopen_functionfs()               -\u003econfigfs_write_iter()\n  -\u003eadb_open()                      -\u003egadget_dev_desc_UDC_store()\n   -\u003eadb_write()                     -\u003eusb_gadget_register_driver_owner\n                                      -\u003edriver_register()\n-\u003eStartMonitor()                       -\u003ebus_add_driver()\n -\u003eadb_read()                           -\u003egadget_bind_driver()\n\u003ctimes-out without BIND event\u003e           -\u003econfigfs_composite_bind()\n                                          -\u003eusb_add_function()\n-\u003eopen_functionfs()                        -\u003effs_func_bind()\n -\u003eadb_open()                               -\u003efunctionfs_bind()\n                                       \u003cffs-\u003estate !=FFS_ACTIVE\u003e\n\nThe adb_open, adb_read, and adb_write operations are invoked from the\ndaemon, but trying to bind the function is a process that is invoked by\nUDC write through configfs, which opens up the possibility of a race\ncondition between the two paths. In this race scenario, the kernel panic\noccurs due to the WARN_ON from functionfs_bind when panic_on_warn is\nenabled. This commit fixes the kernel panic by removing the unnecessary\nWARN_ON.\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\n[   14.542395] Call trace:\n[   14.542464]  ffs_func_bind+0x1c8/0x14a8\n[   14.542468]  usb_add_function+0xcc/0x1f0\n[   14.542473]  configfs_composite_bind+0x468/0x588\n[   14.542478]  gadget_bind_driver+0x108/0x27c\n[   14.542483]  really_probe+0x190/0x374\n[   14.542488]  __driver_probe_device+0xa0/0x12c\n[   14.542492]  driver_probe_device+0x3c/0x220\n[   14.542498]  __driver_attach+0x11c/0x1fc\n[   14.542502]  bus_for_each_dev+0x104/0x160\n[   14.542506]  driver_attach+0x24/0x34\n[   14.542510]  bus_add_driver+0x154/0x270\n[   14.542514]  driver_register+0x68/0x104\n[   14.542518]  usb_gadget_register_driver_owner+0x48/0xf4\n[   14.542523]  gadget_dev_desc_UDC_store+0xf8/0x144\n[   14.542526]  configfs_write_iter+0xf0/0x138","modified":"2026-04-16T04:31:32.919319633Z","published":"2025-01-19T11:52:35.149Z","related":["SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7379-2","USN-7380-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57913.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/19fc1c83454ca9d5699e39633ec79ce26355251c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3e4d32cc145955d5c56c5498a3ff057e4aafa9d1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/82f60f3600aecd9ffcd0fbc4e193694511c85b47"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bfe60030fcd976e3546e1f73d6d0eb3fea26442e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dfc51e48bca475bbee984e90f33fdc537ce09699"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ea6a1498742430eb2effce0d1439ff29ef37dd7d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/57xxx/CVE-2024-57913.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57913"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ddf8abd2599491cbad959c700b90ba72a5dce8d0"},{"fixed":"bfe60030fcd976e3546e1f73d6d0eb3fea26442e"},{"fixed":"3e4d32cc145955d5c56c5498a3ff057e4aafa9d1"},{"fixed":"19fc1c83454ca9d5699e39633ec79ce26355251c"},{"fixed":"82f60f3600aecd9ffcd0fbc4e193694511c85b47"},{"fixed":"ea6a1498742430eb2effce0d1439ff29ef37dd7d"},{"fixed":"a8b6a18b9b66cc4c016d63132b59ce5383f7cdd2"},{"fixed":"dfc51e48bca475bbee984e90f33fdc537ce09699"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57913.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}