5.5

CVE-2024-57981

EPSS 0.02%
Veröffentlicht 27.02.2025 02:15:11
Zuletzt bearbeitet 12.05.2026 13:16:25
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

usb: xhci: Fix NULL pointer dereference on certain command aborts

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix NULL pointer dereference on certain command aborts

If a command is queued to the final usable TRB of a ring segment, the
enqueue pointer is advanced to the subsequent link TRB and no further.
If the command is later aborted, when the abort completion is handled
the dequeue pointer is advanced to the first TRB of the next segment.

If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
the ring pointers unequal and assumes that there is a pending command,
so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.

Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
ring likely is unnecessary too, but it's harmless. Leave it alone.

This is probably Bug 219532, but no confirmation has been received.

The issue has been independently reproduced and confirmed fixed using
a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
Everything continued working normally after several prevented crashes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 15

NVD 4 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.16 < 6.1.129

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.76

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.13

Linux ≫ Linux Kernel Version >= 6.13 < 6.13.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0ce5c0dac768be14afe2426101b568a0f66bfc4d

Patch

Mailing List

https://git.kernel.org/stable/c/1e0a19912adb68a4b2b74fd77001c96cd83eb073

Patch

Mailing List

https://git.kernel.org/stable/c/4ff18870af793ce2034a6ad746e91d0a3d985b88

Patch

Mailing List

https://git.kernel.org/stable/c/ae069cd2ba09a2bd6a87a68c59ef0b7ea39cd641

Patch

Mailing List

https://git.kernel.org/stable/c/b649f0d5bc256f691c7d234c3986685d54053de1

Patch

Mailing List

https://git.kernel.org/stable/c/b44253956407046e5907d4d72c8fa5b93ae94485

https://git.kernel.org/stable/c/cf30300a216a4f8dce94e11781a866a09d4b50d4

https://git.kernel.org/stable/c/fd8bfaeba4a85b14427899adec0efb3954300653

https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://cert-portal.siemens.com/productcert/html/ssa-503939.html

https://nvd.nist.gov/vuln/detail/CVE-2024-57981

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-57981

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-57981

EUVD