CVE-2024-58055

HIGH

Linux Kernel 4.6-6.13.2 - Use-After-Free in USB Gadget f_tcm Command Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.

References (10)

Core 10

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

Mailing List

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

Patch

https://git.kernel.org/stable/c/7cb72dc08ed8da60fd6d1f6adf13bf0e6ee0f694

Patch

https://git.kernel.org/stable/c/38229c35a6d7875697dfb293356407330cfcd23e

Patch

https://git.kernel.org/stable/c/bbb7f49839b57d66ccaf7b5752d9b63d3031dd0a

Patch

https://git.kernel.org/stable/c/f0c33e7d387ccbb6870e73a43c558fefede06614

Patch

https://git.kernel.org/stable/c/16907219ad6763f401700e1b57b2da4f3e07f047

Patch

https://git.kernel.org/stable/c/929b69810eec132b284ffd19047a85d961df9e4d

Patch

https://git.kernel.org/stable/c/e6693595bd1b55af62d057a4136a89d5c2ddf0e9

Patch

https://git.kernel.org/stable/c/c225d006a31949d673e646d585d9569bc28feeb9

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 12.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-415

Status published

Products (26)

linux/Kernel 4.6.0 - 5.4.291linux

linux/Kernel 5.11.0 - 5.15.179linux

linux/Kernel 5.16.0 - 6.1.129linux

linux/Kernel 5.5.0 - 5.10.235linux

linux/Kernel 6.13.0 - 6.13.2linux

linux/Kernel 6.2.0 - 6.6.76linux

linux/Kernel 6.7.0 - 6.12.13linux

Linux/Linux < 4.6

Linux/Linux 4.6

Linux/Linux 5.10.235 - 5.10.*

... and 16 more

Published Mar 06, 2025

Tracked Since Feb 18, 2026