CVE-2024-36896
USB: core: Fix access violation during port device removal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix access violation during port device removal
Testing with KASAN and syzkaller revealed a bug in port.c:disable_store():
usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to
is concurrently removed, but the function does not check for this
possibility before dereferencing the returned value.
It turns out that the first dereference is unnecessary, since hub->intfdev
is the parent of the port device, so it can be changed easily. Adding a
check for hub == NULL prevents further problems.
The same bug exists in the disable_show() routine, and it can be fixed the
same way.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: USB: core: corrige la infracción de acceso durante la eliminación del dispositivo del puerto. Las pruebas con KASAN y syzkaller revelaron un error en port.c:disable_store(): usb_hub_to_struct_hub() puede devolver NULL si el hub que el puerto al que pertenece se elimina simultáneamente, pero la función no comprueba esta posibilidad antes de desreferenciar el valor devuelto. Resulta que la primera desreferencia es innecesaria, ya que hub->intfdev es el padre del dispositivo portuario, por lo que se puede cambiar fácilmente. Agregar una verificación para hub == NULL evita más problemas. El mismo error existe en la rutina enable_show() y se puede solucionar de la misma manera.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-05-30 CVE Reserved
- 2024-05-30 CVE Published
- 2024-05-31 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-170: Improper Null Termination
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/f061f43d7418cb62b8d073e221ec75d3f5b89e17 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-36896 | 2024-11-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2284556 | 2024-11-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.1.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.1.91" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.6.31" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.8.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.8.10" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.0 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.0 < 6.9" | en |
Affected
|