Skip to content

In the Linux kernel, the following vulnerability has been...

Unreviewed Published Apr 3, 2024 to the GitHub Advisory Database • Updated Apr 3, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in
dwc3_gadget_suspend, a NULL pointer dereference may occur.

Call Stack:

CPU1:                           CPU2:
gadget_unbind_driver            dwc3_suspend_common
dwc3_gadget_stop                dwc3_gadget_suspend
                                    dwc3_disconnect_gadget

CPU1 basically clears the variable and CPU2 checks the variable.
Consider CPU1 is running and right before gadget_driver is cleared
and in parallel CPU2 executes dwc3_gadget_suspend where it finds
dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where
it checks dwc->gadget_driver is already NULL because of which the
NULL pointer deference occur.

References

Published by the National Vulnerability Database Apr 3, 2024
Published to the GitHub Advisory Database Apr 3, 2024
Last updated Apr 3, 2024

Severity

Unknown

EPSS score

0.045%
(17th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2024-26715

GHSA ID

GHSA-97mp-32j5-q87r

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.