CVE-2024-45027

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->max_interrupters has been set, which happens in most (all?) cases, things get uglier, as xhci_mem_cleanup() unconditionally derefences xhci->interrupters. With prejudice. Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL. Found while debugging a DMA allocation issue that led the XHCI driver on this exact path.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c	Patch
https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc3::::::

History

13 Sep 2024, 16:29

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c -~~	() https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c - Patch
References	~~() https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 -~~	() https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.11:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.11:rc2::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: xhci: Comprueba que xhci->interrupters se asignen en xhci_mem_clearup() Si xhci_mem_init() falla, llama a xhci_mem_cleanup() para limpiar el daño. Si falla lo suficientemente pronto, antes de que se asigne xhci->interrupters pero después de que se haya establecido xhci->max_interrupters, lo que sucede en la mayoría (¿todos?) de los casos, las cosas se ponen peor, ya que xhci_mem_cleanup() desreferencia incondicionalmente a xhci->interrupters. Con prejuicio. Bloquea el bucle de liberación de interrupciones con una comprobación de que xhci->interrupters no sea NULL. Se encontró mientras se depuraba un problema de asignación de DMA que llevó al controlador XHCI por este camino exacto.
First Time		Linux linux Kernel Linux
CWE		CWE-459

11 Sep 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 16:15

Updated : 2024-09-13 16:29

NVD link : CVE-2024-45027

Mitre link : CVE-2024-45027

CVE.ORG link : CVE-2024-45027

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-459

Incomplete Cleanup

5.5 /10