CVE-2024-44960
MEDIUMLinux Kernel - Null Pointer Dereference in USB Gadget Core
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.
References (13)
Core 13
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-355557.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
Scores
CVSS v3
5.5
EPSS
0.0023
EPSS Percentile
13.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (38)
linux/Kernel
< 4.19.320linux
linux/Kernel
4.20.0 - 5.4.282linux
linux/Kernel
5.11.0 - 6.1.105linux
linux/Kernel
5.16.0 - 6.6.46linux
linux/Kernel
5.4.0 - 5.10.224linux
linux/Kernel
5.5.0 - 5.15.165linux
linux/Kernel
6.2.0 - 6.10.5linux
Linux/Linux
< 5.4
Linux/Linux
3.16.80 - 3.17
Linux/Linux
4.14.152 - 4.15
... and 28 more
Published
Sep 04, 2024
Tracked Since
Feb 18, 2026