{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-45006","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-08-21T05:34:56.679Z","datePublished":"2024-09-04T19:54:48.353Z","dateUpdated":"2025-11-03T22:15:09.348Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:30:52.855Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/host/xhci.c"],"versions":[{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"ef0a0e616b2789bb804a0ce5e161db03170a85b6","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"a57b0ebabe6862dce0a2e0f13e17941ad72fc56b","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"0f0654318e25b2c185e245ba4a591e42fabb5e59","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"365ef7c4277fdd781a695c3553fa157d622d805d","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"5ad898ae82412f8a689d59829804bff2999dd0ea","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"6b99de301d78e1f5249e57ef2c32e1dec3df2bb1","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"8fb9d412ebe2f245f13481e4624b40e651570cbd","status":"affected","versionType":"git"},{"version":"651aaf36a7d7b36a58980e70133f9437d4f6d312","lessThan":"af8e119f52e9c13e556be9e03f27957554a84656","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/host/xhci.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"4.19.321","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.283","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.225","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.166","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.107","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.48","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.7","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.321"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.4.283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.225"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.15.166"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.1.107"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.6.48"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.10.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6"},{"url":"https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b"},{"url":"https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59"},{"url":"https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d"},{"url":"https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea"},{"url":"https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1"},{"url":"https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd"},{"url":"https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656"}],"title":"xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-04T20:18:09.033910Z","id":"CVE-2024-45006","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-04T20:18:29.841Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:15:09.348Z"}}]}}