CVE-2024-45027

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45027
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45027.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45027
Downstream
Published
2024-09-11T15:13:59Z
Modified
2025-10-09T16:40:52.853554Z
Summary
usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Check for xhci->interrupters being allocated in xhcimemclearup()

If xhcimeminit() fails, it calls into xhcimemcleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->maxinterrupters has been set, which happens in most (all?) cases, things get uglier, as xhcimem_cleanup() unconditionally derefences xhci->interrupters. With prejudice.

Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL.

Found while debugging a DMA allocation issue that led the XHCI driver on this exact path.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bcd191d7bab25513daf7db78ab32eda60d9484c3
Fixed
3efb29f6a78d4746f958c1ab6cd7981c5762f03b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c99b38c412343053e9af187e595793c8805bb9b8
Fixed
770cacc75b0091ece17349195d72133912c1ca7c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c99b38c412343053e9af187e595793c8805bb9b8
Fixed
dcdb52d948f3a17ccd3fce757d9bd981d7c32039

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.7
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.10.7