CVE-2024-43883
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: vhci-hcd: Do not drop references before new references are gained
At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < 5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < 9c3746ce8d8fcb3a2405644fc0eec7fc5312de80 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < 4dacdb9720aaab10b6be121eae55820174d97174 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < e8c1e606dab8c56cf074b43b98d0805de7322ba2 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < 585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < 128e82e41cf7d74a562726c1587d9d2ede1a0a37 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < c3d0857b7fc2c49f68f89128a5440176089a8f54 | affected |
| Linux | Linux | 7606ee8aa33287dd3e6eb44c78541b87a413a325 < afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a | affected |
| Linux | Linux | 96ea4801d2035f89fc4ec4a67f49a18c35cb6715 | affected |
| Linux | Linux | 075b4e6a982d38121250c090f7b9294314ac1b19 | affected |
| Linux | Linux | 436e52f1a628233f080605dd736594df250897ca | affected |
| Linux | Linux | 1c8d316294916da7e2a2f1f178ca3f3bd6d7b531 | affected |
| Linux | Linux | 927c3fa44e24300eb827ab9f9dacce6dff9c9bb7 | affected |
| Linux | Linux | 2.6.32.30 < 2.6.33 | affected |
| Linux | Linux | 2.6.33.8 < 2.6.34 | affected |
| Linux | Linux | 2.6.34.10 < 2.6.35 | affected |
| Linux | Linux | 2.6.35.12 < 2.6.36 | affected |
| Linux | Linux | 2.6.37.3 < 2.6.38 | affected |
| Linux | Linux | 2.6.38 | affected |
| Linux | Linux | 0 < 2.6.38 | unaffected |
| Linux | Linux | 4.19.320 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.282 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.224 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.165 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.105 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.46 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.5 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
References
- https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89
- https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80
- https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174
- https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2
- https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14
- https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37
- https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54
- https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.