CVE-2024-56698

usb: dwc3: gadget: Fix looping of queued SG entries

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3_request->num_queued_sgs is decremented on completion. If a
partially completed request is handled, then the
dwc3_request->num_queued_sgs no longer reflects the total number of
num_queued_sgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare
and queued. Failure to do this may cause null pointer dereference when
accessing non-existent SG entry.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-12-27 CVE Reserved
2024-12-28 CVE Published
2024-12-28 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/c96e6725db9d6a04ac1bee881e3034b636d9f71c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7	2024-12-14
https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28	2024-12-14
https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9	2024-12-14
https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627	2024-12-09
https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec	2024-12-05
https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859	2024-12-05
https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524	2024-11-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.231 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.231"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.174 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.174"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.1.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.1.120"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.6.64 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.6.64"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.11.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.11.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.12.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.12.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.13-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.13-rc1"		en		Affected