{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-44960","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T05:34:56.666Z","datePublished":"2024-09-04T18:35:58.469Z","dateUpdated":"2025-11-03T22:14:09.135Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:58:29.741Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn't properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/udc/core.c"],"versions":[{"version":"d1c188d330ca33cc35d1590441ba276f31144299","lessThan":"ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"df8e734ae5e605348aa0ca2498aedb73e815f244","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"50c5248b0ea8aae0529fdf28dac42a41312d3b62","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"a0362cd6e503278add954123957fd47990e8d9bf","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"1a9df57d57452b104c46c918569143cf21d7ebf1","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"716cba46f73a92645cf13eded8d257ed48afc2a4","status":"affected","versionType":"git"},{"version":"54f83b8c8ea9b22082a496deadf90447a326954e","lessThan":"973a57891608a98e894db2887f278777f564de18","status":"affected","versionType":"git"},{"version":"d7e3f2fe01372eb914d0e451f0e7a46cbcb98f9e","status":"affected","versionType":"git"},{"version":"85c9ece11264499890d0e9f0dee431ac1bda981c","status":"affected","versionType":"git"},{"version":"fc71e39a6c07440e6968227f3db1988f45d7a7b7","status":"affected","versionType":"git"},{"version":"94f5de2eefae22c449e367c2dacafe869af73e3f","status":"affected","versionType":"git"},{"version":"8212b44b7109bd30dbf7eb7f5ecbbc413757a7d7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/gadget/udc/core.c"],"versions":[{"version":"5.4","status":"affected"},{"version":"0","lessThan":"5.4","status":"unaffected","versionType":"semver"},{"version":"4.19.320","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.282","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.224","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.165","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.105","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.46","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.5","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.82","versionEndExcluding":"4.19.320"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.4.282"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.10.224"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"5.15.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.1.105"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.6.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.10.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4","versionEndExcluding":"6.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.16.80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.152"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a"},{"url":"https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244"},{"url":"https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e"},{"url":"https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62"},{"url":"https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf"},{"url":"https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1"},{"url":"https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4"},{"url":"https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18"}],"title":"usb: gadget: core: Check for unset descriptor","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-44960","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:39:50.689815Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T17:33:35.969Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:14:09.135Z"}}]}}