CVE-2024-44960

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: core: Check for unset descriptor

Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case.

This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found.

No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd1c188d330ca33cc35d1590441ba276f31144299 < ba15815dd24cc5ec0d23e2170dc58c7db1e03b4aaffected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < df8e734ae5e605348aa0ca2498aedb73e815f244affected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < 7cc9ebcfe58be22f18056ad8bc6272d120bdcb3eaffected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < 50c5248b0ea8aae0529fdf28dac42a41312d3b62affected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < a0362cd6e503278add954123957fd47990e8d9bfaffected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < 1a9df57d57452b104c46c918569143cf21d7ebf1affected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < 716cba46f73a92645cf13eded8d257ed48afc2a4affected
LinuxLinux54f83b8c8ea9b22082a496deadf90447a326954e < 973a57891608a98e894db2887f278777f564de18affected
LinuxLinuxd7e3f2fe01372eb914d0e451f0e7a46cbcb98f9eaffected
LinuxLinux85c9ece11264499890d0e9f0dee431ac1bda981caffected
LinuxLinuxfc71e39a6c07440e6968227f3db1988f45d7a7b7affected
LinuxLinux94f5de2eefae22c449e367c2dacafe869af73e3faffected
LinuxLinux8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7affected
LinuxLinux4.19.82 < 4.19.320affected
LinuxLinux3.16.80 < 3.17affected
LinuxLinux4.4.199 < 4.5affected
LinuxLinux4.9.199 < 4.10affected
LinuxLinux4.14.152 < 4.15affected
LinuxLinux5.3.9 < 5.4affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux4.19.320 <= 4.19.*unaffected
LinuxLinux5.4.282 <= 5.4.*unaffected
LinuxLinux5.10.224 <= 5.10.*unaffected
LinuxLinux5.15.165 <= 5.15.*unaffected
LinuxLinux6.1.105 <= 6.1.*unaffected
LinuxLinux6.6.46 <= 6.6.*unaffected
LinuxLinux6.10.5 <= 6.10.*unaffected
LinuxLinux6.11 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References