high
7.8
CWE
416
Advisory Published
CVE Published
Updated

CVE-2024-26749: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()

First published: Wed Apr 03 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually free at cdns3_gadget_ep_free_request(). But list_del_init() use priv_req->list after it. [ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4 [ 1542.642868][ T534] [ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3): [ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4 [ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3] [ 1542.671571][ T534] usb_ep_disable+0x44/0xe4 [ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8 [ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368 [ 1542.685478][ T534] ffs_func_disable+0x18/0x28 Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this problem.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.4<5.4.270
Linux Kernel>=5.5<5.10.211
Linux Kernel>=5.11<5.15.150
Linux Kernel>=5.16<6.1.80
Linux Kernel>=6.2<6.6.19
Linux Kernel>=6.7<6.7.7
Linux Kernel=6.8-rc1
Linux Kernel=6.8-rc2
Linux Kernel=6.8-rc3
Linux Kernel=6.8-rc4
Linux Kernel=6.8-rc5
debian/linux
5.10.223-1
5.10.234-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.17-1

Remedy

https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9

Remedy

https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16

Remedy

https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3

Remedy

https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d

Remedy

https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643

Remedy

https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6

Remedy

https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-26749?

    CVE-2024-26749 is classified as a high-severity vulnerability that can lead to memory corruption.

  • Which versions of the Linux kernel are affected by CVE-2024-26749?

    CVE-2024-26749 affects Linux kernel versions from 5.4 to 6.8-rc5.

  • How do I fix CVE-2024-26749?

    To mitigate CVE-2024-26749, upgrade to a patched version such as 5.10.223-1 or 6.12.10-1.

  • What type of vulnerability is CVE-2024-26749?

    CVE-2024-26749 is a type of vulnerability related to memory use after free in the Linux kernel.

  • What impact can CVE-2024-26749 have on systems?

    Exploitation of CVE-2024-26749 may allow an attacker to execute arbitrary code or crash the system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203