CVE-2024-26747
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: roles: fix NULL pointer issue when put module's reference
In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference.
This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < e279bf8e51893e1fe160b3d8126ef2dd00f661e1 | affected |
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < ef982fc41055fcebb361a92288d3225783d12913 | affected |
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 0158216805ca7e498d07de38840d2732166ae5fa | affected |
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 4b45829440b1b208948b39cc71f77a37a2536734 | affected |
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 01f82de440f2ab07c259b7573371e1c42e5565db | affected |
| Linux | Linux | 5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 1c9be13846c0b2abc2480602f8ef421360e1ad9e | affected |
| Linux | Linux | 7b169e33a3bc9040e06988b2bc15e83d2af80358 | affected |
| Linux | Linux | 4.18.12 < 4.19 | affected |
| Linux | Linux | 4.19 | affected |
| Linux | Linux | 0 < 4.19 | unaffected |
| Linux | Linux | 5.10.211 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.150 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.80 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.19 <= 6.6.* | unaffected |
| Linux | Linux | 6.7.7 <= 6.7.* | unaffected |
| Linux | Linux | 6.8 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
- https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
- https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
- https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
- https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
- https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
References
- https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
- https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
- https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
- https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
- https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
- https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.