CVE-2024-26747

usb: roles: fix NULL pointer issue when put module's reference

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's
module reference after the user get usb_role_switch device and put the
reference after the user put the usb_role_switch device. However, the
parent device of usb_role_switch may be removed before the user put the
usb_role_switch. If so, then, NULL pointer issue will be met when the user
put the parent module's reference. This will save the module pointer in structure of usb_role_switch. Then,
we don't need to find module by iterating long relations.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: roles: soluciona el problema del puntero NULL al colocar la referencia del módulo. En el diseño actual, el controlador de clase de rol usb obtendrá la referencia del módulo principal usb_role_switch después de que el usuario obtenga el dispositivo usb_role_switch y coloque la referencia después del El usuario puso el dispositivo usb_role_switch. Sin embargo, el dispositivo principal de usb_role_switch se puede eliminar antes de que el usuario coloque usb_role_switch. Si es así, entonces, el problema del puntero NULL se solucionará cuando el usuario coloque la referencia del módulo principal. Esto guardará el puntero del módulo en la estructura de usb_role_switch. Entonces, no necesitamos encontrar el módulo iterando relaciones largas.

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference. This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-03 CVE Published
2024-12-19 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/5c54fcac9a9de559b444ac63ec3cd82f1d157a0b	Vuln. Introduced
https://git.kernel.org/stable/c/7b169e33a3bc9040e06988b2bc15e83d2af80358	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1	2024-03-01
https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913	2024-03-01
https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa	2024-03-01
https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734	2024-03-01
https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db	2024-03-01
https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e	2024-02-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 5.10.211 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.7.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				4.18.12 Search vendor "Linux" for product "Linux Kernel" and version "4.18.12"		en		Affected