CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.5%
In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: prevent potential failure in handle_tx_event() for Transfer
events without TRB
Some transfer events don’t always point to a TRB, and consequently don’t
have a endpoint ring. In these cases, function handle_tx_event() should
not proceed, because if ‘ep->skip’ is set, the pointer to the endpoint
ring is used.
To prevent a potential failure and make the code logical, return after
checking the completion code for a Transfer event without TRBs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-azure | < any | UNKNOWN |
git.kernel.org/linus/66cb618bf0bb82859875b00eeffaf223557cb416 (6.10-rc1)
git.kernel.org/stable/c/1f4a10cb826fdec5cd442df010bcb3043bfd6464
git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416
git.kernel.org/stable/c/69bed24c82139bbad0a78a075e1834a2ea7bd064
git.kernel.org/stable/c/948554f1bb16e15b90006c109c3a558c66d4c4ac
git.kernel.org/stable/c/9a24eb8010c2dc6a2eba56e3eb9fc07d14ffe00a
git.kernel.org/stable/c/c0ee01e8ba19ff7edc98f68a114d4789faa219b9
launchpad.net/bugs/cve/CVE-2024-42226
nvd.nist.gov/vuln/detail/CVE-2024-42226
security-tracker.debian.org/tracker/CVE-2024-42226
www.cve.org/CVERecord?id=CVE-2024-42226