CVE-2024-26715

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-26715
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26715.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26715
Downstream
Related
Published
2024-04-03T14:55:16.395Z
Modified
2026-05-15T04:09:17.020434311Z
Summary
usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3gadgetsuspend

In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadgetdriver in dwc3gadget_suspend, a NULL pointer dereference may occur.

Call Stack:

CPU1:                           CPU2:
gadget_unbind_driver            dwc3_suspend_common
dwc3_gadget_stop                dwc3_gadget_suspend
                                    dwc3_disconnect_gadget

CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadgetdriver is cleared and in parallel CPU2 executes dwc3gadgetsuspend where it finds dwc->gadgetdriver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3disconnectgadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26715.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6.0
Fixed
5.15.149
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.79
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.18
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.6

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26715.json"