{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26600","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.128Z","datePublished":"2024-02-24T14:56:55.674Z","dateUpdated":"2025-05-04T08:51:58.052Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:51:58.052Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet's fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/ti/phy-omap-usb2.c"],"versions":[{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"486218c11e8d1c8f515a3bdd70d62203609d4b6b","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"8398d8d735ee93a04fb9e9f490e8cacd737e3bf5","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"be3b82e4871ba00e9b5d0ede92d396d579d7b3b3","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"8cc889b9dea0579726be9520fcc766077890b462","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"0430bfcd46657d9116a26cd377f112cbc40826a4","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"14ef61594a5a286ae0d493b8acbf9eac46fd04c4","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"396e17af6761b3cc9e6e4ca94b4de7f642bfece1","status":"affected","versionType":"git"},{"version":"657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6","lessThan":"7104ba0f1958adb250319e68a15eff89ec4fd36d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/phy/ti/phy-omap-usb2.c"],"versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","status":"unaffected","versionType":"semver"},{"version":"4.19.307","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.269","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.210","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.78","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.17","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.5","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.19.307"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.4.269"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.1.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.6.17"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.7.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"},{"url":"https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"},{"url":"https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"},{"url":"https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"},{"url":"https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"},{"url":"https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"},{"url":"https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"},{"url":"https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"}],"title":"phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-28T17:03:23.255963Z","id":"CVE-2024-26600","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-28T17:03:34.995Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:07:19.673Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}