Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2024-26600
HistoryFeb 24, 2024 - 2:56 p.m.

CVE-2024-26600 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

2024-02-2414:56:55
Linux
www.cve.org
linux kernel
vulnerability
fix
null pointer dereference
phy-omap-usb2
send_srp()
set_vbus()
usb peripheral

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle
Ethernet gadget triggering a wakeup for example:

configfs-gadget.g1 gadget.0: ECM Suspend
configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup

Unable to handle kernel NULL pointer dereference at virtual address
00000000 when execute

PC is at 0x0
LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]

musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]
usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]
eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4
sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268
arp_solicit from neigh_probe+0x54/0x7c
neigh_probe from __neigh_event_send+0x22c/0x47c
__neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628
ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340
udp_send_skb from udp_sendmsg+0x780/0x984
udp_sendmsg from __sys_sendto+0xd8/0x158
__sys_sendto from ret_fast_syscall+0x0/0x58

Let’s fix the issue by checking for send_srp() and set_vbus() before
calling them. For USB peripheral only cases these both could be NULL.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/phy/ti/phy-omap-usb2.c"
    ],
    "versions": [
      {
        "version": "657b306a7bdf",
        "lessThan": "486218c11e8d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "8398d8d735ee",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "be3b82e4871b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "8cc889b9dea0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "0430bfcd4665",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "14ef61594a5a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "396e17af6761",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "657b306a7bdf",
        "lessThan": "7104ba0f1958",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/phy/ti/phy-omap-usb2.c"
    ],
    "versions": [
      {
        "version": "3.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.7",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.307",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.269",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.210",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.149",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.78",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.17",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.5",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
redhatcve 1
prion 1
debiancve 1
nvd 1
cve 1
vulnrichment 1
nessus 24
osv 11
openvas 22
ubuntu 7
debian 2
slackware 1
ubuntucve
ubuntucve
CVE-2024-26600
2024-02-26 00:00:00
redhatcve
redhatcve
CVE-2024-26600
2024-02-24 18:01:36
prion
prion
Null pointer dereference
2024-02-26 16:27:00
debiancve
debiancve
CVE-2024-26600
2024-02-26 16:27:59
nvd
nvd
CVE-2024-26600
2024-02-26 16:27:59
cve
cve
CVE-2024-26600
2024-02-26 16:27:59
vulnrichment
vulnrichment
CVE-2024-26600 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
2024-02-24 14:56:55
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)
2024-03-23 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)
2024-05-07 00:00:00
Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)
2024-05-14 00:00:00
osv
osv
linux-bluefield vulnerabilities
2024-05-14 09:00:08
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities
2024-05-07 19:36:29
linux-oem-6.1 vulnerabilities
2024-03-11 20:17:36
openvas
openvas
Ubuntu: Security Advisory (USN-6767-2)
2024-05-15 00:00:00
Ubuntu: Security Advisory (USN-6767-1)
2024-05-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0975-1)
2024-05-07 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-05-07 00:00:00
Linux kernel (BlueField) vulnerabilities
2024-05-14 00:00:00
Linux kernel (OEM) vulnerabilities
2024-03-11 00:00:00
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
[SECURITY] [DSA 5681-1] linux security update
2024-05-06 18:31:39
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2024-26600
ubuntucve1redhatcve1prion1debiancve1nvd1cve1vulnrichment1nessus24osv11openvas22ubuntu7debian2slackware1