CVE-2024-46674

HIGH

Linux Kernel 3.18-6.10.7 - Use-After-Free in DWC3 USB Probe Error Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.

References (10)

Core 10
Core References

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 17.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (27)
linux/Kernel 3.18.0 - 4.19.321linux
linux/Kernel 4.20.0 - 5.4.283linux
linux/Kernel 5.11.0 - 5.15.166linux
linux/Kernel 5.16.0 - 6.1.108linux
linux/Kernel 5.5.0 - 5.10.225linux
linux/Kernel 6.2.0 - 6.6.49linux
linux/Kernel 6.7.0 - 6.10.8linux
Linux/Linux < 3.18
Linux/Linux 3.18
Linux/Linux 4.19.321 - 4.19.*
... and 17 more
Published Sep 13, 2024
Tracked Since Feb 18, 2026