Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2024-26715
HistoryApr 03, 2024 - 2:55 p.m.

CVE-2024-26715 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

2024-04-0314:55:16
Linux
github.com
3
linux kernel
usb vulnerability
null pointer dereference
dwc3 gadget
plug-out
plug-in
call stack

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in
dwc3_gadget_suspend, a NULL pointer dereference may occur.

Call Stack:

CPU1:                           CPU2:
gadget_unbind_driver            dwc3_suspend_common
dwc3_gadget_stop                dwc3_gadget_suspend
                                    dwc3_disconnect_gadget

CPU1 basically clears the variable and CPU2 checks the variable.
Consider CPU1 is running and right before gadget_driver is cleared
and in parallel CPU2 executes dwc3_gadget_suspend where it finds
dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where
it checks dwc->gadget_driver is already NULL because of which the
NULL pointer deference occur.

Related

redhatcve 1
nvd 1
debiancve 1
cvelist 1
ubuntucve 1
cve 1
redos 1
ubuntu 10
nessus 15
osv 13
openvas 11
debian 1
slackware 1
redhatcve
redhatcve
CVE-2024-26715
2024-04-04 00:06:48
nvd
nvd
CVE-2024-26715
2024-04-03 15:15:53
debiancve
debiancve
CVE-2024-26715
2024-04-03 15:15:53
cvelist
cvelist
CVE-2024-26715 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
2024-04-03 14:55:16
ubuntucve
ubuntucve
CVE-2024-26715
2024-04-03 00:00:00
cve
cve
CVE-2024-26715
2024-04-03 15:15:53
redos
redos
ROS-20240821-02
2024-08-21 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-05-07 00:00:00
Linux kernel (AWS) vulnerabilities
2024-05-20 00:00:00
Linux kernel (Intel IoTG) vulnerabilities
2024-05-28 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6895-1)
2024-07-12 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6766-3)
2024-05-20 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)
2024-05-07 00:00:00
osv
osv
linux-intel-iotg vulnerabilities
2024-05-28 19:06:59
linux-aws, linux-aws-5.15 vulnerabilities
2024-05-20 13:05:13
linux-hwe-5.15, linux-raspi vulnerabilities
2024-05-15 15:15:08
openvas
openvas
Ubuntu: Security Advisory (USN-6795-1)
2024-05-29 00:00:00
Ubuntu: Security Advisory (USN-6895-4)
2024-08-05 00:00:00
Ubuntu: Security Advisory (USN-6766-3)
2024-05-21 00:00:00
debian
debian
[SECURITY] [DSA 5658-1] linux security update
2024-04-13 06:38:27
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2024-06-05 19:11:11

AI Score

6.9

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-26715
redhatcve1nvd1debiancve1cvelist1ubuntucve1cve1redos1ubuntu10nessus15osv13openvas11debian1slackware1