CVE-2024-26747

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: roles: fix NULL pointer issue when put module's reference

In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference.

This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < e279bf8e51893e1fe160b3d8126ef2dd00f661e1affected
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < ef982fc41055fcebb361a92288d3225783d12913affected
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 0158216805ca7e498d07de38840d2732166ae5faaffected
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 4b45829440b1b208948b39cc71f77a37a2536734affected
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 01f82de440f2ab07c259b7573371e1c42e5565dbaffected
LinuxLinux5c54fcac9a9de559b444ac63ec3cd82f1d157a0b < 1c9be13846c0b2abc2480602f8ef421360e1ad9eaffected
LinuxLinux7b169e33a3bc9040e06988b2bc15e83d2af80358affected
LinuxLinux4.18.12 < 4.19affected
LinuxLinux4.19affected
LinuxLinux0 < 4.19unaffected
LinuxLinux5.10.211 <= 5.10.*unaffected
LinuxLinux5.15.150 <= 5.15.*unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References