CVE-2024-26716

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26716
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26716.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26716
Downstream
Published
2024-04-03T14:55:17Z
Modified
2025-10-09T03:08:22.934451Z
Summary
usb: core: Prevent null pointer dereference in update_port_device_state
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: core: Prevent null pointer dereference in update_port_device_state

Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference.

Fix this by introducing an if check after the usb_hub is populated.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
83cb2604f641cecadc275ca18adbba4bf262320f
Fixed
ed85777c640cf9e6920bb1b60ed8cd48e1f4d873
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
83cb2604f641cecadc275ca18adbba4bf262320f
Fixed
465b545d1d7ef282192ddd4439b08279bdb13f6f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
83cb2604f641cecadc275ca18adbba4bf262320f
Fixed
12783c0b9e2c7915a50d5ec829630ff2da50472c

Affected versions

v6.*

v6.4
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.8-rc1

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.18
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.6