medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-44960: usb: gadget: core: Check for unset descriptor

First published: Wed Sep 04 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel<3.16.80
Linux Kernel>=3.17<4.4.199
Linux Kernel>=4.5<4.9.199
Linux Kernel>=4.10<4.14.152
Linux Kernel>=4.15<4.19.320
Linux Kernel>=4.20<5.3.9
Linux Kernel>=5.4<5.4.282
Linux Kernel>=5.5<5.10.224
Linux Kernel>=5.11<5.15.165
Linux Kernel>=5.16<6.1.105
Linux Kernel>=6.2<6.6.46
Linux Kernel>=6.7<6.10.5
Linux Kernel=6.11-rc1
Linux Kernel=6.11-rc2
debian/linux<=5.10.223-1
5.10.234-1
6.1.129-1
6.1.133-1
6.12.22-1
6.12.25-1
debian/linux-6.1
6.1.129-1~deb11u1

Remedy

https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1

Remedy

https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62

Remedy

https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4

Remedy

https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e

Remedy

https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18

Remedy

https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf

Remedy

https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a

Remedy

https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-44960?

    CVE-2024-44960 has a moderate severity level due to its potential to cause a null pointer panic in the Linux kernel.

  • How do I fix CVE-2024-44960?

    To resolve CVE-2024-44960, update your Linux kernel to a safe version, specifically to at least 5.10.226-1, 6.1.123-1, or higher.

  • What versions of Linux are affected by CVE-2024-44960?

    CVE-2024-44960 affects various versions of the Linux kernel including those prior to 5.10.226-1, 6.1.123-1, and several others.

  • Is CVE-2024-44960 exploitable remotely?

    CVE-2024-44960 does not indicate remote exploitability, but it can lead to system instability if triggered.

  • What are the symptoms of CVE-2024-44960 in a system?

    Systems impacted by CVE-2024-44960 may experience crashes or unexpected behavior due to null pointer dereferencing.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203