CVE-2024-58055

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_tcm: Don't free command immediately

Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < 7cb72dc08ed8da60fd6d1f6adf13bf0e6ee0f694affected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < 38229c35a6d7875697dfb293356407330cfcd23eaffected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < bbb7f49839b57d66ccaf7b5752d9b63d3031dd0aaffected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < f0c33e7d387ccbb6870e73a43c558fefede06614affected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < 16907219ad6763f401700e1b57b2da4f3e07f047affected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < 929b69810eec132b284ffd19047a85d961df9e4daffected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < e6693595bd1b55af62d057a4136a89d5c2ddf0e9affected
LinuxLinuxcff834c16d23d614388aab1b86d19eb67b3f80c4 < c225d006a31949d673e646d585d9569bc28feeb9affected
LinuxLinux4.6affected
LinuxLinux0 < 4.6unaffected
LinuxLinux5.4.291 <= 5.4.*unaffected
LinuxLinux5.10.235 <= 5.10.*unaffected
LinuxLinux5.15.179 <= 5.15.*unaffected
LinuxLinux6.1.129 <= 6.1.*unaffected
LinuxLinux6.6.76 <= 6.6.*unaffected
LinuxLinux6.12.13 <= 6.12.*unaffected
LinuxLinux6.13.2 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References