CVE-2024-43883

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-43883
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43883.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-43883
Downstream
Related
Published
2024-08-23T13:08:10.508Z
Modified
2026-05-15T11:53:30.817200544Z
Summary
usb: vhci-hcd: Do not drop references before new references are gained
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: vhci-hcd: Do not drop references before new references are gained

At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43883.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.38
Fixed
4.19.320
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.282
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.224
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.165
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.105
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.46
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43883.json"