{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26715","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.160Z","datePublished":"2024-04-03T14:55:16.395Z","dateUpdated":"2025-05-04T12:54:35.041Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:54:35.041Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend\n\nIn current scenario if Plug-out and Plug-In performed continuously\nthere could be a chance while checking for dwc->gadget_driver in\ndwc3_gadget_suspend, a NULL pointer dereference may occur.\n\nCall Stack:\n\n\tCPU1:                           CPU2:\n\tgadget_unbind_driver            dwc3_suspend_common\n\tdwc3_gadget_stop                dwc3_gadget_suspend\n                                        dwc3_disconnect_gadget\n\nCPU1 basically clears the variable and CPU2 checks the variable.\nConsider CPU1 is running and right before gadget_driver is cleared\nand in parallel CPU2 executes dwc3_gadget_suspend where it finds\ndwc->gadget_driver which is not NULL and resumes execution and then\nCPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where\nit checks dwc->gadget_driver is already NULL because of which the\nNULL pointer deference occur."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/gadget.c"],"versions":[{"version":"9772b47a4c2916d645c551228b6085ea24acbe5d","lessThan":"88936ceab6b426f1312327e9ef849c215c6007a7","status":"affected","versionType":"git"},{"version":"9772b47a4c2916d645c551228b6085ea24acbe5d","lessThan":"57e2e42ccd3cd6183228269715ed032f44536751","status":"affected","versionType":"git"},{"version":"9772b47a4c2916d645c551228b6085ea24acbe5d","lessThan":"c7ebd8149ee519d27232e6e4940e9c02071b568b","status":"affected","versionType":"git"},{"version":"9772b47a4c2916d645c551228b6085ea24acbe5d","lessThan":"36695d5eeeefe5a64b47d0336e7c8fc144e78182","status":"affected","versionType":"git"},{"version":"9772b47a4c2916d645c551228b6085ea24acbe5d","lessThan":"61a348857e869432e6a920ad8ea9132e8d44c316","status":"affected","versionType":"git"},{"version":"8cca5c85393a7a490d4d7942c24d73d29cc77b3e","status":"affected","versionType":"git"},{"version":"df2ca3271569367352835f981618e284fdc4ca94","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/gadget.c"],"versions":[{"version":"4.6","status":"affected"},{"version":"0","lessThan":"4.6","status":"unaffected","versionType":"semver"},{"version":"5.15.149","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.79","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.18","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.6","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.15.149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.1.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.6.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.7.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"6.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.178"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7"},{"url":"https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751"},{"url":"https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b"},{"url":"https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182"},{"url":"https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316"}],"title":"usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26715","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-03T17:49:51.140719Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:49:25.920Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.001Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316","tags":["x_transferred"]}]}]}}