Lucene search
Redhat.comRH:CVE-2024-36896HistoryJun 03, 2024 - 1:32 p.m.
CVE-2024-36896
2024-06-0313:32:50
redhat.com
access.redhat.com
2
linux
kernel
usb
access violation
port device
removal
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value. It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it can be changed easily. Adding a check for hub == NULL prevents further problems. The same bug exists in the disable_show() routine, and it can be fixed the same way.
Related
nvd
nvd
CVE-2024-36896
2024-05-30 16:15:13
debiancve
debiancve
CVE-2024-36896
2024-05-30 16:15:13
cve
cve
CVE-2024-36896
2024-05-30 16:15:13
vulnrichment
vulnrichment
CVE-2024-36896 USB: core: Fix access violation during port device removal
2024-05-30 15:29:00
cvelist
cvelist
CVE-2024-36896 USB: core: Fix access violation during port device removal
2024-05-30 15:29:00
ubuntucve
ubuntucve
CVE-2024-36896
2024-05-30 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2135-1)
2024-06-22 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
2024-06-14 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
2024-06-13 00:00:00