CVE-2024-38628

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks.
Configurations

No configuration.

History

21 Nov 2024, 09:26

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 - () https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 -
References () https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0 - () https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0 -
References () https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09 - () https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09 -
References () https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068 - () https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068 -

05 Nov 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE CWE-362
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_audio: se corrigió el uso de los controles en condiciones de ejecución después de liberarse durante la desvinculación del gadget. Conserve las ID de control en lugar de los punteros, ya que se manejan correctamente con candados.

21 Jun 2024, 11:22

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-21 11:15

Updated : 2024-11-21 09:26


NVD link : CVE-2024-38628

Mitre link : CVE-2024-38628

CVE.ORG link : CVE-2024-38628


JSON object : View

Products Affected

No product.

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')