{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-43883","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-17T09:11:59.287Z","datePublished":"2024-08-23T13:08:10.508Z","dateUpdated":"2026-01-05T10:52:24.273Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:52:24.273Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: vhci-hcd: Do not drop references before new references are gained\n\nAt a few places the driver carries stale pointers\nto references that can still be used. Make sure that does not happen.\nThis strictly speaking closes ZDI-CAN-22273, though there may be\nsimilar races in the driver."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/usbip/vhci_hcd.c"],"versions":[{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"9c3746ce8d8fcb3a2405644fc0eec7fc5312de80","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"4dacdb9720aaab10b6be121eae55820174d97174","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"e8c1e606dab8c56cf074b43b98d0805de7322ba2","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"128e82e41cf7d74a562726c1587d9d2ede1a0a37","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"c3d0857b7fc2c49f68f89128a5440176089a8f54","status":"affected","versionType":"git"},{"version":"7606ee8aa33287dd3e6eb44c78541b87a413a325","lessThan":"afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a","status":"affected","versionType":"git"},{"version":"96ea4801d2035f89fc4ec4a67f49a18c35cb6715","status":"affected","versionType":"git"},{"version":"075b4e6a982d38121250c090f7b9294314ac1b19","status":"affected","versionType":"git"},{"version":"436e52f1a628233f080605dd736594df250897ca","status":"affected","versionType":"git"},{"version":"1c8d316294916da7e2a2f1f178ca3f3bd6d7b531","status":"affected","versionType":"git"},{"version":"927c3fa44e24300eb827ab9f9dacce6dff9c9bb7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/usbip/vhci_hcd.c"],"versions":[{"version":"2.6.38","status":"affected"},{"version":"0","lessThan":"2.6.38","status":"unaffected","versionType":"semver"},{"version":"4.19.320","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.282","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.224","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.165","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.105","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.46","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.5","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"4.19.320"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.4.282"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.10.224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.15.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.1.105"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.6.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.10.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32.30"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.33.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37.3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89"},{"url":"https://git.kernel.org/stable/c/9c3746ce8d8fcb3a2405644fc0eec7fc5312de80"},{"url":"https://git.kernel.org/stable/c/4dacdb9720aaab10b6be121eae55820174d97174"},{"url":"https://git.kernel.org/stable/c/e8c1e606dab8c56cf074b43b98d0805de7322ba2"},{"url":"https://git.kernel.org/stable/c/585e6bc7d0a9bf73a8be3d3fb34e86b90cc61a14"},{"url":"https://git.kernel.org/stable/c/128e82e41cf7d74a562726c1587d9d2ede1a0a37"},{"url":"https://git.kernel.org/stable/c/c3d0857b7fc2c49f68f89128a5440176089a8f54"},{"url":"https://git.kernel.org/stable/c/afdcfd3d6fcdeca2735ca8d994c5f2d24a368f0a"}],"title":"usb: vhci-hcd: Do not drop references before new references are gained","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-43883","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:32:14.861945Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:09.242Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:06:39.422Z"}}]}}