CVE-2024-26716
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26716
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26716.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26716
- Downstream
- Published
- 2024-04-03T14:55:17Z
- Modified
- 2025-10-09T03:08:22.934451Z
- Summary
- usb: core: Prevent null pointer dereference in update_port_device_state
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: core: Prevent null pointer dereference in updateportdevice_state
Currently, the function updateportdevicestate gets the usbhub from udev->parent by calling usbhubtostructhub. However, in case the actconfig or the maxchild is 0, the usbhub would be NULL and upon further accessing to get portdev would result in null pointer dereference.
Fix this by introducing an if check after the usb_hub is populated.
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83cb2604f641cecadc275ca18adbba4bf262320fFixeded85777c640cf9e6920bb1b60ed8cd48e1f4d873
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83cb2604f641cecadc275ca18adbba4bf262320fFixed465b545d1d7ef282192ddd4439b08279bdb13f6f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced83cb2604f641cecadc275ca18adbba4bf262320fFixed12783c0b9e2c7915a50d5ec829630ff2da50472c
Affected versions
v6.*
v6.4
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.8-rc1