CVE-2024-43883

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: vhci-hcd: Do not drop references before new references are gained

At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < 5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < 9c3746ce8d8fcb3a2405644fc0eec7fc5312de80affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < 4dacdb9720aaab10b6be121eae55820174d97174affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < e8c1e606dab8c56cf074b43b98d0805de7322ba2affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < 585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < 128e82e41cf7d74a562726c1587d9d2ede1a0a37affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < c3d0857b7fc2c49f68f89128a5440176089a8f54affected
LinuxLinux7606ee8aa33287dd3e6eb44c78541b87a413a325 < afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0aaffected
LinuxLinux96ea4801d2035f89fc4ec4a67f49a18c35cb6715affected
LinuxLinux075b4e6a982d38121250c090f7b9294314ac1b19affected
LinuxLinux436e52f1a628233f080605dd736594df250897caaffected
LinuxLinux1c8d316294916da7e2a2f1f178ca3f3bd6d7b531affected
LinuxLinux927c3fa44e24300eb827ab9f9dacce6dff9c9bb7affected
LinuxLinux2.6.32.30 < 2.6.33affected
LinuxLinux2.6.33.8 < 2.6.34affected
LinuxLinux2.6.34.10 < 2.6.35affected
LinuxLinux2.6.35.12 < 2.6.36affected
LinuxLinux2.6.37.3 < 2.6.38affected
LinuxLinux2.6.38affected
LinuxLinux0 < 2.6.38unaffected
LinuxLinux4.19.320 <= 4.19.*unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.105 <= 6.1.*unaffected
LinuxLinux6.6.46 <= 6.6.*unaffected
LinuxLinux6.10.5 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References