CVE-2024-56698

MEDIUM

Linux Kernel - NULL Pointer Dereference in DWC3 Gadget SG Entry Handling

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

References (9)

Core 9

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 10.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (23)
linux/Kernel 4.18.0 - 5.10.231linux
linux/Kernel 5.11.0 - 5.15.174linux
linux/Kernel 5.16.0 - 6.1.120linux
linux/Kernel 6.12.0 - 6.12.2linux
linux/Kernel 6.2.0 - 6.6.64linux
linux/Kernel 6.7.0 - 6.11.11linux
Linux/Linux < 4.18
Linux/Linux 4.18
Linux/Linux 5.10.231 - 5.10.*
Linux/Linux 5.15.174 - 5.15.*
... and 13 more
Published Dec 28, 2024
Tracked Since Feb 18, 2026