CVE-2024-26715

2024-04-0315:15:53

Linux

web.nvd.nist.gov

linux kernel

usb

vulnerability

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in
dwc3_gadget_suspend, a NULL pointer dereference may occur.

Call Stack:

CPU1:                           CPU2:
gadget_unbind_driver            dwc3_suspend_common
dwc3_gadget_stop                dwc3_gadget_suspend
                                    dwc3_disconnect_gadget

CPU1 basically clears the variable and CPU2 checks the variable.
Consider CPU1 is running and right before gadget_driver is cleared
and in parallel CPU2 executes dwc3_gadget_suspend where it finds
dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where
it checks dwc->gadget_driver is already NULL because of which the
NULL pointer deference occur.

Affected configurations

Vulners

Node

linuxlinux_kernelRange4.6–5.15.149

linuxlinux_kernelRange5.16.0–6.1.79

linuxlinux_kernelRange6.2.0–6.6.18

linuxlinux_kernelRange6.7.0–6.7.6

linuxlinux_kernelRange6.8.0≥

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/dwc3/gadget.c"
    ],
    "versions": [
      {
        "version": "9772b47a4c29",
        "lessThan": "88936ceab6b4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9772b47a4c29",
        "lessThan": "57e2e42ccd3c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9772b47a4c29",
        "lessThan": "c7ebd8149ee5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9772b47a4c29",
        "lessThan": "36695d5eeeef",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9772b47a4c29",
        "lessThan": "61a348857e86",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/dwc3/gadget.c"
    ],
    "versions": [
      {
        "version": "4.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.6",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.149",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.79",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.18",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.6",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]