ghsa-wh76-6j96-82w8
Vulnerability from github
Published
2024-12-28 12:30
Modified
2025-01-31 18:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-56698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T10:15:16Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix looping of queued SG entries\n\nThe dwc3_request-\u003enum_queued_sgs is decremented on completion. If a\npartially completed request is handled, then the\ndwc3_request-\u003enum_queued_sgs no longer reflects the total number of\nnum_queued_sgs (it would be cleared).\n\nCorrectly check the number of request SG entries remained to be prepare\nand queued. Failure to do this may cause null pointer dereference when\naccessing non-existent SG entry.",
  "id": "GHSA-wh76-6j96-82w8",
  "modified": "2025-01-31T18:31:04Z",
  "published": "2024-12-28T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56698"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.