{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-46674","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-09-11T15:12:18.247Z","datePublished":"2024-09-13T05:29:10.381Z","dateUpdated":"2025-11-03T22:16:08.133Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:31:37.437Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: st: fix probed platform device ref count on probe error path\n\nThe probe function never performs any paltform device allocation, thus\nerror path \"undo_platform_dev_alloc\" is entirely bogus.  It drops the\nreference count from the platform device being probed.  If error path is\ntriggered, this will lead to unbalanced device reference counts and\npremature release of device resources, thus possible use-after-free when\nreleasing remaining devm-managed resources."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/dwc3-st.c"],"versions":[{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"b0979a885b9d4df2a25b88e9d444ccaa5f9f495c","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"f3498650df0805c75b4e1c94d07423c46cbf4ce1","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"6aee4c5635d81f4809c3b9f0c198a65adfbb2ada","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"060f41243ad7f6f5249fa7290dda0c01f723d12d","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"4c6735299540f3c82a5033d35be76a5c42e0fb18","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"1de989668708ce5875efc9d669d227212aeb9a90","status":"affected","versionType":"git"},{"version":"f83fca0707c66e36f14efef7f68702cb12de70b7","lessThan":"ddfcfeba891064b88bb844208b43bef2ef970f0c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/dwc3/dwc3-st.c"],"versions":[{"version":"3.18","status":"affected"},{"version":"0","lessThan":"3.18","status":"unaffected","versionType":"semver"},{"version":"4.19.321","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.283","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.225","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.166","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.108","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.49","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.8","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"4.19.321"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.4.283"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.10.225"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"5.15.166"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.1.108"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.6.49"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.10.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b0979a885b9d4df2a25b88e9d444ccaa5f9f495c"},{"url":"https://git.kernel.org/stable/c/f3498650df0805c75b4e1c94d07423c46cbf4ce1"},{"url":"https://git.kernel.org/stable/c/6aee4c5635d81f4809c3b9f0c198a65adfbb2ada"},{"url":"https://git.kernel.org/stable/c/060f41243ad7f6f5249fa7290dda0c01f723d12d"},{"url":"https://git.kernel.org/stable/c/4c6735299540f3c82a5033d35be76a5c42e0fb18"},{"url":"https://git.kernel.org/stable/c/e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49"},{"url":"https://git.kernel.org/stable/c/1de989668708ce5875efc9d669d227212aeb9a90"},{"url":"https://git.kernel.org/stable/c/ddfcfeba891064b88bb844208b43bef2ef970f0c"}],"title":"usb: dwc3: st: fix probed platform device ref count on probe error path","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-29T15:44:46.031544Z","id":"CVE-2024-46674","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-29T15:45:00.520Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:16:08.133Z"}}]}}