In the Linux kernel, the following vulnerability has been resolved: xhci:
handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly
forbids assuming that the xHC has released its ownership of a multi-TRB TD
when it reports an error on one of the early TRBs. Yet the driver makes
such assumption and releases the TD, allowing the remaining TRBs to be
freed or overwritten by new TDs. The xHC should also report completion of
the final TRB due to its IOC flag being set by us, regardless of prior
errors. This event cannot be recognized if the TD has already been freed
earlier, resulting in “Transfer event TRB DMA ptr not part of current TD”
error message. Fix this by reusing the logic for processing isoc
Transaction Errors. This also handles hosts which fail to report the final
completion. Fix transfer length reporting on Babble errors. They may be
caused by device malfunction, no guarantee that the buffer has been filled.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1063.69~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1066.75 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
git.kernel.org/linus/7c4650ded49e5b88929ecbbb631efb8b0838e811 (6.8-rc3)
git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c
git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3
git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134
git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e
git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811
git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97
launchpad.net/bugs/cve/CVE-2024-26659
nvd.nist.gov/vuln/detail/CVE-2024-26659
security-tracker.debian.org/tracker/CVE-2024-26659
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6871-1
ubuntu.com/security/notices/USN-6892-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26659