| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/gadget/udc/core.c" |
| ], |
| "versions": [ |
| { |
| "version": "d1c188d330ca33cc35d1590441ba276f31144299", |
| "lessThan": "ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "df8e734ae5e605348aa0ca2498aedb73e815f244", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "50c5248b0ea8aae0529fdf28dac42a41312d3b62", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "a0362cd6e503278add954123957fd47990e8d9bf", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "1a9df57d57452b104c46c918569143cf21d7ebf1", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "716cba46f73a92645cf13eded8d257ed48afc2a4", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "54f83b8c8ea9b22082a496deadf90447a326954e", |
| "lessThan": "973a57891608a98e894db2887f278777f564de18", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "85c9ece11264499890d0e9f0dee431ac1bda981c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "fc71e39a6c07440e6968227f3db1988f45d7a7b7", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "94f5de2eefae22c449e367c2dacafe869af73e3f", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/usb/gadget/udc/core.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.4", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.4", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "4.19.320", |
| "lessThanOrEqual": "4.19.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.282", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.224", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.165", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.105", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.46", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.10.5", |
| "lessThanOrEqual": "6.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.11", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.19.82", |
| "versionEndExcluding": "4.19.320" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.4.282" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.10.224" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "5.15.165" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "6.1.105" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "6.6.46" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "6.10.5" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.4", |
| "versionEndExcluding": "6.11" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "3.16.80" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.4.199" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.9.199" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "4.14.152" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3.9" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18" |
| } |
| ], |
| "title": "usb: gadget: core: Check for unset descriptor", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2024-44960", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
