134 matches found
SUSE CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
SUSE CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
CVE-2024-26749
A vulnerability was found in the Linux kernel's USB CDNS3 driver, where improper handling of memory in cdns3gadgetepdisable can lead to a use-after-free condition. This issue can allows attackers to exploit freed memory regions, which could result in crashes or arbitrary code execution. Mitigatio...
CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlockdev-lock; 831 usbgadgetgivebackrequestep-endpoint, 832 request; 833 spinlockdev-lock; 834 835 836 if request-buf == privdev-zlpbuf 8...
CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
DEBIAN-CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
DEBIAN-CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
UBUNTU-CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
UBUNTU-CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
CVE-2024-26749 usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
CVE-2024-26749
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
CVE-2024-26749
CVE-2024-26749 concerns the Linux kernel USB CDNS3 gadget path. The issue was a memory-use-after-free in cdns3_gadget_ep_disable(), where priv_req is freed via cdns3_gadget_ep_free_request() but list_del_init(&priv_req->list) used priv_req->list after it had been freed, triggering a use-aft...
CVE-2024-26748
CVE-2024-26748 (Linux kernel) — Affects the usb cdns3 gadget driver. A memory double-free could occur when handling a zero-length packet that was queued as an extra request. The patch adds a check at line 829 to skip usb_gadget_giveback_request() for this additional zero-length request, avoiding ...
CVE-2024-26748 usb: cdns3: fix memory double free when handle zero packet
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
CVE-2024-26749 usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3gadgetepdisable ... cdns3gadgetepfreerequest&privep-endpoint, &privreq-request; listdelinit&privreq-list; ... 'privreq' actually free at cdns3gadgetepfreerequest. But listdelinit us...
CVE-2024-26748
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
CVE-2024-26748 usb: cdns3: fix memory double free when handle zero packet
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...
kernel: usb: cdns3 fix use-after-free at workaround 2
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3 fix use-after-free at workaround 2 BUG: KFENCE: use-after-free read in listdelentryvalid+0x10/0xac cdns3wa2removeoldrequest ... kfreeprivreq-request.buf; cdns3gadgetepfreerequest&privep-endpoint, &privreq-request;...