CVE-2024-46674

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46674

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46674.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-46674

Downstream

BELL-CVE-2024-46674

DEBIAN-CVE-2024-46674

DLA-3912-1

DLA-4008-1

DSA-5782-1

OESA-2024-2216

OESA-2024-2217

OESA-2024-2218

OESA-2024-2219

OESA-2024-2220

SUSE-SU-2024:3547-1

SUSE-SU-2024:3551-1

SUSE-SU-2024:3553-1

SUSE-SU-2024:3561-1

SUSE-SU-2024:3563-1

SUSE-SU-2024:3564-1

SUSE-SU-2024:3569-1

SUSE-SU-2024:3587-1

SUSE-SU-2024:3592-1

UBUNTU-CVE-2024-46674

Related

Published

2024-09-13T06:15:12Z

Modified

2025-08-09T20:01:26Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: st: fix probed platform device ref count on probe error path

The probe function never performs any paltform device allocation, thus error path "undoplatformdev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.

References

Affected packages