In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: configfs: Fix OOB read on empty string write
When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero.
This patch fixes the vulnerability by adding a check at the beginning of osdescqwsignstore() and webusblandingPagestore() to handle the zero-length input case gracefully by returning immediately.