In the Linux kernel, the following vulnerability has been resolved:
usb: xhci: Add error handling in xhci_map_urb_for_dma
Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if kzalloc_node() fails, the following sg_pcopy_to_buffer() can lead to a crash, since it tries to memcpy to a NULL pointer.
So return -ENOMEM if kzalloc returns a NULL pointer. The function signatures below target xhci_map_temp_buffer() in drivers/usb/host/xhci.c.
{ "vanir_signatures": [ { "id": "CVE-2024-26964-09085bd0", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b6cc33593d7ccfc3011b290849cfa899db46757", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-2d8249d3", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2c898469dfc388f619c6c972a28466cbb1442ea", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-40c0d22f", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b2c898469dfc388f619c6c972a28466cbb1442ea", "digest": { "function_hash": "12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-440f9ee3", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be95cc6d71dfd0cba66e3621c65413321b398052", "digest": { "function_hash": "12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-4443ab5f", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": 
"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@be95cc6d71dfd0cba66e3621c65413321b398052", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-633cd8fc", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@962300a360d24c5be5a188cda48da58a37e4304d", "digest": { "function_hash": "12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-856e3771", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-966d322a", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a49d24fdec0a802aa686a567a3989a9fdf4e5dd", "digest": { "function_hash": "12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-9e4d2e6a", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4", "digest": { "function_hash": 
"12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-a8f60174", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@962300a360d24c5be5a188cda48da58a37e4304d", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-c787ee6d", "signature_type": "Line", "target": { "file": "drivers/usb/host/xhci.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4a49d24fdec0a802aa686a567a3989a9fdf4e5dd", "digest": { "threshold": 0.9, "line_hashes": [ "196305185974454041906733910264288714908", "125579091016566758357983893023706554979", "271276081937830759205031000941556082535", "125274993254988933399058698105074938450" ] }, "deprecated": false, "signature_version": "v1" }, { "id": "CVE-2024-26964-c958dade", "signature_type": "Function", "target": { "file": "drivers/usb/host/xhci.c", "function": "xhci_map_temp_buffer" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7b6cc33593d7ccfc3011b290849cfa899db46757", "digest": { "function_hash": "12664550832793999355758320689607142122", "length": 726.0 }, "deprecated": false, "signature_version": "v1" } ] }