5.5
CVE-2024-38628
- EPSS 0.17%
- Veröffentlicht 21.06.2024 11:15:11
- Zuletzt bearbeitet 24.03.2025 18:09:37
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15 < 6.1.93
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33
Linux ≫ Linux Kernel Version >= 6.7 < 6.9.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.07 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464
https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0
https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09
https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068