CVE-2024-56698

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < 8ceb21d76426bbe7072cc3e43281e70c0d664cc7affected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < 0247da93bf62d33304b7bf97850ebf2a86e06d28affected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < c9e72352a10ae89a430449f7bfeb043e75c255d9affected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < 1534f6f69393aac773465d80d31801b554352627affected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < b7c3d0b59213ebeedff63d128728ce0b3d7a51ecaffected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < 70777a23a54e359cfdfafc625a57cd56434f3859affected
LinuxLinuxc96e6725db9d6a04ac1bee881e3034b636d9f71c < b7fc65f5141c24785dc8c19249ca4efcf71b3524affected
LinuxLinux4.18affected
LinuxLinux0 < 4.18unaffected
LinuxLinux5.10.231 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References