CVE-2024-26997

usb: dwc2: host: Fix dereference issue in DDMA completion flow.

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc2: host: Fix dereference issue in DDMA completion flow.

Fixed variable dereference issue in DDMA completion flow.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: dwc2: host: solucionó el problema de desreferencia en el flujo de finalización de DDMA. Se solucionó el problema de desreferencia variable en el flujo de finalización de DDMA.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-03 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/dca1dc1e99e09e7b8eaccb55d6aecb87d9cb8ecd	Vuln. Introduced
https://git.kernel.org/stable/c/693bbbccd9c774adacaf03ae9fcbb33b66b1ffc4	Vuln. Introduced
https://git.kernel.org/stable/c/db4fa0c8e811676a7bfe8363a01e70ee601e75f7	Vuln. Introduced
https://git.kernel.org/stable/c/32d3f2f108ebcaf9bd9fc06095c776cb73add034	Vuln. Introduced
https://git.kernel.org/stable/c/bc48eb1b53ce977d17d51caa574bd81064a117a2	Vuln. Introduced
https://git.kernel.org/stable/c/8d310e5d702c903a7ac95fb5dd248f046b39db00	Vuln. Introduced
https://git.kernel.org/stable/c/8b7c57ab6f6bc6bfee87e929cab6e6dac351606b	Vuln. Introduced
https://git.kernel.org/stable/c/c4046e703e0083c8d2031cce02f2479e9ba2c166	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/257d313e37d66c3bcc87197fb5b8549129c45dfe	2024-05-02
https://git.kernel.org/stable/c/75bf5e78b2a27cb1bca6fa826e3ab685015165e1	2024-05-02
https://git.kernel.org/stable/c/26fde0ea40dda1b08fad3bc0a43f122f6dd8bddf	2024-05-02
https://git.kernel.org/stable/c/8aa5c28ac65cb5e7f1b9c0c3238c00b661dd2b8c	2024-04-27
https://git.kernel.org/stable/c/9de10b59d16880a0a3ae2876c142fe54ce45d816	2024-04-27
https://git.kernel.org/stable/c/8a139fa44870e84ac228b7b76423a49610e5ba9a	2024-04-27
https://git.kernel.org/stable/c/55656b2afd5f1efcec4245f3e7e814c2a9ef53f6	2024-04-27
https://git.kernel.org/stable/c/eed04fa96c48790c1cce73c8a248e9d460b088f8	2024-04-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.312 < 4.19.313 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.312 < 4.19.313"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.274 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.274 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.215 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.215 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.154 < 5.15.157 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.154 < 5.15.157"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.84 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.84 < 6.1.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.24 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.24 < 6.6.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.8.3 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.8.3 < 6.8.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.7.12 Search vendor "Linux" for product "Linux Kernel" and version "6.7.12"		en		Affected