CVE-2024-53070

usb: dwc3: fix fault at system suspend if device was already runtime suspended

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend
we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some
platforms so move the dwc3_enable_susphy() call to the top.

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-11-19 CVE Reserved
2024-11-19 CVE Published
2024-12-19 CVE Updated
2025-03-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/073530898ebf44a9418434e899cfa9ca86945333	Vuln. Introduced
https://git.kernel.org/stable/c/85ca88f93162acb94dbcb26d0ee2b145864d14a1	Vuln. Introduced
https://git.kernel.org/stable/c/4fad7370086797afe6471493e3a5f36add8c48a7	Vuln. Introduced
https://git.kernel.org/stable/c/a690a9e38e6ba819789074388de7cff06425ef5b	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d	2024-11-14
https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209	2024-11-14
https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789	2024-11-14
https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86	2024-11-14
https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b	2024-11-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.170 < 5.15.172 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.170 < 5.15.172"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.115 < 6.1.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.115 < 6.1.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.59 < 6.6.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.59 < 6.6.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11.5 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.5 < 6.11.8"		en		Affected