CVE-2024-38628

MEDIUM

Linux Kernel 5.15-5.15, 6.2.0-6.6.33, 6.7.0-6.9.4 - Use-After-Free in USB Audio Gadget Controls

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks.

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 7.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-362
Status published
Products (14)
linux/Kernel 5.15.0 - 6.1.93
linux/Kernel 6.2.0 - 6.6.33
linux/Kernel 6.7.0 - 6.9.4
Linux/Linux < 5.15
Linux/Linux 02de698ca8123782c0c6fb8ed99080e2f032b0d2 - 1b739388aa3f8dfb63a9fca777e6dfa6912d0464
Linux/Linux 02de698ca8123782c0c6fb8ed99080e2f032b0d2 - 453d3fa9266e53f85377b911c19b9a4563fa88c0
Linux/Linux 02de698ca8123782c0c6fb8ed99080e2f032b0d2 - 89e66809684485590ea0b32c3178e42cba36ac09
Linux/Linux 02de698ca8123782c0c6fb8ed99080e2f032b0d2 - bea73b58ab67fe581037ad9cdb93c2557590c068
Linux/Linux 5.15
Linux/Linux 6.1.93 - 6.1.*
... and 4 more
Published Jun 21, 2024
Tracked Since Feb 18, 2026