CVE-2024-44960
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-44960
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44960.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-44960
- Downstream
- Related
- Published
- 2024-09-04T18:35:58.469Z
- Modified
- 2025-11-28T02:34:22.815080Z
- Summary
- usb: gadget: core: Check for unset descriptor
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: core: Check for unset descriptor
Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case.
This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found.
No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44960.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1
- https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62
- https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4
- https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e
- https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18
- https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf
- https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
- https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44960.json
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-44960
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd1c188d330ca33cc35d1590441ba276f31144299Fixedba15815dd24cc5ec0d23e2170dc58c7db1e03b4a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced54f83b8c8ea9b22082a496deadf90447a326954eFixeddf8e734ae5e605348aa0ca2498aedb73e815f244Fixed7cc9ebcfe58be22f18056ad8bc6272d120bdcb3eFixed50c5248b0ea8aae0529fdf28dac42a41312d3b62Fixeda0362cd6e503278add954123957fd47990e8d9bfFixed1a9df57d57452b104c46c918569143cf21d7ebf1Fixed716cba46f73a92645cf13eded8d257ed48afc2a4Fixed973a57891608a98e894db2887f278777f564de18
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedd7e3f2fe01372eb914d0e451f0e7a46cbcb98f9eLast affected85c9ece11264499890d0e9f0dee431ac1bda981cLast affectedfc71e39a6c07440e6968227f3db1988f45d7a7b7Last affected94f5de2eefae22c449e367c2dacafe869af73e3fLast affected8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.19.320
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.282
- Type
- ECOSYSTEM
- Events
-
Introduced5.4.0Fixed5.10.224
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.15.165
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed6.1.105
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.6.46
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.10.5