CVE-2024-50075: xhci: tegra: fix checked USB2 port number
First published: Tue Oct 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy number supported by the Tegra XUSB controller. Using total USB2 phy number as port number to check all PORTSC values would cause invalid memory access. [ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f ... [ 117.213640] Call trace: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] process_scheduled_works+0x24c/0x478 [ 117.251007] worker_thread+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=6.3<6.6.58 | |
| Linux Kernel | >=6.7<6.11.5 | |
| Linux Kernel | =6.12-rc1 | |
| Linux Kernel | =6.12-rc2 | |
| Linux Kernel | =6.12-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9c696bf4ab54c7cec81221887564305f0ceeac0a
- https://git.kernel.org/stable/c/c46555f14b71f95a447f5d49fc3f1f80a1472da2
- https://git.kernel.org/stable/c/7d381137cb6ecf558ef6698c7730ddd482d4c8f2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50075
- https://nvd.nist.gov/vuln/detail/CVE-2024-50075
- https://launchpad.net/bugs/cve/CVE-2024-50075
- https://security-tracker.debian.org/tracker/CVE-2024-50075
- https://ubuntu.com/security/CVE-2024-50075
Frequently Asked Questions
What is the severity of CVE-2024-50075?
CVE-2024-50075 has been classified as a medium severity vulnerability affecting specific versions of the Linux kernel.
How do I fix CVE-2024-50075?
To resolve CVE-2024-50075, update the Linux kernel to a version that includes the fix for this vulnerability.
Which versions of the Linux kernel are affected by CVE-2024-50075?
CVE-2024-50075 affects the Linux kernel versions from 6.3 up to 6.6.58 and specific release candidates like 6.12-rc1, 6.12-rc2, and 6.12-rc3.
What components does CVE-2024-50075 impact?
CVE-2024-50075 impacts USB virtualization functions within the Linux kernel related to USB2 port assignments.
Is CVE-2024-50075 exploitable?
Yes, if USB virtualization is enabled, CVE-2024-50075 could potentially allow unauthorized access to USB2 ports.
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/remedy
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.3
- version/linux kernel/6.7
- version/linux kernel/6.12-rc1
- version/linux kernel/6.12-rc2
- version/linux kernel/6.12-rc3