CVE-2024-45027

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45027
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45027.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45027
Downstream
Published
2024-09-11T15:13:59Z
Modified
2025-10-17T11:18:40.720107Z
Summary
usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check for xhci->interrupters being allocated in xhcimemclearup()

If xhcimeminit() fails, it calls into xhcimemcleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->maxinterrupters has been set, which happens in most (all?) cases, things get uglier, as xhcimem_cleanup() unconditionally derefences xhci->interrupters. With prejudice.

Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL.

Found while debugging a DMA allocation issue that led the XHCI driver on this exact path.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bcd191d7bab25513daf7db78ab32eda60d9484c3
Fixed
3efb29f6a78d4746f958c1ab6cd7981c5762f03b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c99b38c412343053e9af187e595793c8805bb9b8
Fixed
770cacc75b0091ece17349195d72133912c1ca7c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c99b38c412343053e9af187e595793c8805bb9b8
Fixed
dcdb52d948f3a17ccd3fce757d9bd981d7c32039

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.7
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dcdb52d948f3a17ccd3fce757d9bd981d7c32039",
        "signature_version": "v1",
        "target": {
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "270044312960083192166376075781682775640",
                "219438842430514541939330669177517706539",
                "51149530502100398821924097602795560423",
                "191108415903795924974810151675203211631"
            ]
        },
        "id": "CVE-2024-45027-002bb0ae"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3efb29f6a78d4746f958c1ab6cd7981c5762f03b",
        "signature_version": "v1",
        "target": {
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "270044312960083192166376075781682775640",
                "219438842430514541939330669177517706539",
                "51149530502100398821924097602795560423",
                "191108415903795924974810151675203211631"
            ]
        },
        "id": "CVE-2024-45027-412db1d8"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3efb29f6a78d4746f958c1ab6cd7981c5762f03b",
        "signature_version": "v1",
        "target": {
            "function": "xhci_mem_cleanup",
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "function_hash": "128206838070738479443965937980028688469",
            "length": 2930.0
        },
        "id": "CVE-2024-45027-41fd12ef"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@770cacc75b0091ece17349195d72133912c1ca7c",
        "signature_version": "v1",
        "target": {
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "270044312960083192166376075781682775640",
                "219438842430514541939330669177517706539",
                "51149530502100398821924097602795560423",
                "191108415903795924974810151675203211631"
            ]
        },
        "id": "CVE-2024-45027-623c83e5"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@770cacc75b0091ece17349195d72133912c1ca7c",
        "signature_version": "v1",
        "target": {
            "function": "xhci_mem_cleanup",
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "function_hash": "295353154782053523457577276018416631818",
            "length": 2870.0
        },
        "id": "CVE-2024-45027-9fc4a351"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dcdb52d948f3a17ccd3fce757d9bd981d7c32039",
        "signature_version": "v1",
        "target": {
            "function": "xhci_mem_cleanup",
            "file": "drivers/usb/host/xhci-mem.c"
        },
        "digest": {
            "function_hash": "295353154782053523457577276018416631818",
            "length": 2870.0
        },
        "id": "CVE-2024-45027-cf1d1804"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.10.7