CVE-2024-26747
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26747
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26747.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26747
- Downstream
- Related
- Published
- 2024-04-03T17:00:34.066Z
- Modified
- 2025-11-28T02:34:51.929202Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- usb: roles: fix NULL pointer issue when put module's reference
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: roles: fix NULL pointer issue when put module's reference
In current design, usb role class driver will get usbroleswitch parent's module reference after the user get usbroleswitch device and put the reference after the user put the usbroleswitch device. However, the parent device of usbroleswitch may be removed before the user put the usbroleswitch. If so, then, NULL pointer issue will be met when the user put the parent module's reference.
This will save the module pointer in structure of usbroleswitch. Then, we don't need to find module by iterating long relations.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26747.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa
- https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db
- https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e
- https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734
- https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1
- https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26747.json
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-26747
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5c54fcac9a9de559b444ac63ec3cd82f1d157a0bFixede279bf8e51893e1fe160b3d8126ef2dd00f661e1Fixedef982fc41055fcebb361a92288d3225783d12913Fixed0158216805ca7e498d07de38840d2732166ae5faFixed4b45829440b1b208948b39cc71f77a37a2536734Fixed01f82de440f2ab07c259b7573371e1c42e5565dbFixed1c9be13846c0b2abc2480602f8ef421360e1ad9e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected7b169e33a3bc9040e06988b2bc15e83d2af80358