CVE-2024-56698

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-56698
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56698.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-56698
Downstream
Related
Published
2024-12-28T09:46:21.363Z
Modified
2026-03-11T07:51:17.282754482Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
usb: dwc3: gadget: Fix looping of queued SG entries
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3request->numqueuedsgs is decremented on completion. If a partially completed request is handled, then the dwc3request->numqueuedsgs no longer reflects the total number of numqueuedsgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56698.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c96e6725db9d6a04ac1bee881e3034b636d9f71c
Fixed
8ceb21d76426bbe7072cc3e43281e70c0d664cc7
Fixed
0247da93bf62d33304b7bf97850ebf2a86e06d28
Fixed
c9e72352a10ae89a430449f7bfeb043e75c255d9
Fixed
1534f6f69393aac773465d80d31801b554352627
Fixed
b7c3d0b59213ebeedff63d128728ce0b3d7a51ec
Fixed
70777a23a54e359cfdfafc625a57cd56434f3859
Fixed
b7fc65f5141c24785dc8c19249ca4efcf71b3524

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56698.json"