CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path
First published: Fri Sep 13 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | >=3.18<4.19.321 | |
| Linux kernel | >=4.20<5.4.283 | |
| Linux kernel | >=5.5<5.10.225 | |
| Linux kernel | >=5.11<5.15.166 | |
| Linux kernel | >=5.16<6.1.108 | |
| Linux kernel | >=6.2<6.6.49 | |
| Linux kernel | >=6.7<6.10.8 | |
| Linux kernel | =6.11-rc1 | |
| Linux kernel | =6.11-rc2 | |
| Linux kernel | =6.11-rc3 | |
| Linux kernel | =6.11-rc4 | |
| Linux kernel | =6.11-rc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b0979a885b9d4df2a25b88e9d444ccaa5f9f495c
- https://git.kernel.org/stable/c/f3498650df0805c75b4e1c94d07423c46cbf4ce1
- https://git.kernel.org/stable/c/6aee4c5635d81f4809c3b9f0c198a65adfbb2ada
- https://git.kernel.org/stable/c/060f41243ad7f6f5249fa7290dda0c01f723d12d
- https://git.kernel.org/stable/c/4c6735299540f3c82a5033d35be76a5c42e0fb18
- https://git.kernel.org/stable/c/e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49
- https://git.kernel.org/stable/c/1de989668708ce5875efc9d669d227212aeb9a90
- https://git.kernel.org/stable/c/ddfcfeba891064b88bb844208b43bef2ef970f0c
Frequently Asked Questions
What is the severity of CVE-2024-46674?
CVE-2024-46674 has been acknowledged as a medium severity vulnerability in the Linux kernel.
How do I fix CVE-2024-46674?
To fix CVE-2024-46674, update your Linux kernel to the latest version that includes the patch provided for this vulnerability.
Which Linux kernel versions are affected by CVE-2024-46674?
CVE-2024-46674 affects Linux kernel versions between 3.18 and 6.11-rc5.
What type of vulnerability is CVE-2024-46674?
CVE-2024-46674 is a reference counting issue in the platform device probe process within the Linux kernel.
Is there any known exploit for CVE-2024-46674?
As of now, there are no known public exploits specifically targeting CVE-2024-46674.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.18
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.11-rc1
- version/linux kernel/6.11-rc2
- version/linux kernel/6.11-rc3
- version/linux kernel/6.11-rc4
- version/linux kernel/6.11-rc5