CVE-2024-46674
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: st: fix probed platform device ref count on probe error path
The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < b0979a885b9d4df2a25b88e9d444ccaa5f9f495c | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < f3498650df0805c75b4e1c94d07423c46cbf4ce1 | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < 6aee4c5635d81f4809c3b9f0c198a65adfbb2ada | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < 060f41243ad7f6f5249fa7290dda0c01f723d12d | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < 4c6735299540f3c82a5033d35be76a5c42e0fb18 | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49 | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < 1de989668708ce5875efc9d669d227212aeb9a90 | affected |
| Linux | Linux | f83fca0707c66e36f14efef7f68702cb12de70b7 < ddfcfeba891064b88bb844208b43bef2ef970f0c | affected |
| Linux | Linux | 3.18 | affected |
| Linux | Linux | 0 < 3.18 | unaffected |
| Linux | Linux | 4.19.321 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.283 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.225 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.166 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.108 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.49 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.8 <= 6.10.* | unaffected |
| Linux | Linux | 6.11 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
References
- https://git.kernel.org/stable/c/b0979a885b9d4df2a25b88e9d444ccaa5f9f495c
- https://git.kernel.org/stable/c/f3498650df0805c75b4e1c94d07423c46cbf4ce1
- https://git.kernel.org/stable/c/6aee4c5635d81f4809c3b9f0c198a65adfbb2ada
- https://git.kernel.org/stable/c/060f41243ad7f6f5249fa7290dda0c01f723d12d
- https://git.kernel.org/stable/c/4c6735299540f3c82a5033d35be76a5c42e0fb18
- https://git.kernel.org/stable/c/e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49
- https://git.kernel.org/stable/c/1de989668708ce5875efc9d669d227212aeb9a90
- https://git.kernel.org/stable/c/ddfcfeba891064b88bb844208b43bef2ef970f0c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.