What is the severity of CVE-2024-56698?

CVE-2024-56698 has not publicly been assigned a specific severity rating but addresses an issue in the Linux kernel that could potentially lead to vulnerabilities in USB gadget operations.

Which versions of the Linux kernel are affected by CVE-2024-56698?

CVE-2024-56698 affects Linux kernel versions from 4.18 up to 6.12.2, with specific ranges outlined for each affected version.

How do I fix CVE-2024-56698?

To fix CVE-2024-56698, update your Linux kernel to at least version 6.1.123-1 or a newer version available in your distribution.

What is the nature of the vulnerability in CVE-2024-56698?

The vulnerability in CVE-2024-56698 is related to the improper handling of queued scatter-gather (SG) entries in the Linux kernel USB driver.

Has CVE-2024-56698 been resolved and how?

Yes, CVE-2024-56698 has been resolved through a fix that ensures correct decrementing of queued SG entry counts upon request completion.

Vulnerability/
CVE-2024-56698

medium

5.5

CWE

476

28/12/2024

31/1/2025

CVE-2024-56698: usb: dwc3: gadget: Fix looping of queued SG entries

First published: Sat Dec 28 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux kernel
Linux Kernel	>=4.18<5.10.231
Linux Kernel	>=5.11<5.15.174
Linux Kernel	>=5.16<6.1.120
Linux Kernel	>=6.2<6.6.64
Linux Kernel	>=6.7<6.11.11
Linux Kernel	>=6.12<6.12.2
debian/linux	<=5.10.223-1<=5.10.226-1	6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-56698?
CVE-2024-56698 has not publicly been assigned a specific severity rating but addresses an issue in the Linux kernel that could potentially lead to vulnerabilities in USB gadget operations.
Which versions of the Linux kernel are affected by CVE-2024-56698?
CVE-2024-56698 affects Linux kernel versions from 4.18 up to 6.12.2, with specific ranges outlined for each affected version.
How do I fix CVE-2024-56698?
To fix CVE-2024-56698, update your Linux kernel to at least version 6.1.123-1 or a newer version available in your distribution.
What is the nature of the vulnerability in CVE-2024-56698?
The vulnerability in CVE-2024-56698 is related to the improper handling of queued scatter-gather (SG) entries in the Linux kernel USB driver.
Has CVE-2024-56698 been resolved and how?
Yes, CVE-2024-56698 has been resolved through a fix that ensures correct decrementing of queued SG entry counts upon request completion.

agent/title
agent/weakness
agent/first-publish-date
agent/type
agent/author
collector/mitre-cve
source/MITRE
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/last-modified-date
agent/remedy
agent/severity
collector/nvd-api
source/NVD
collector/usn-cve
source/Ubuntu
agent/references
agent/source
agent/softwarecombine
agent/description
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
collector/nvd-cve
vendor/linux
canonical/linux kernel
version/linux kernel/4.18
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/6.2
version/linux kernel/6.7
version/linux kernel/6.12
package-manager/debian

Frequently Asked Questions

What is the severity of CVE-2024-56698?
CVE-2024-56698 has not publicly been assigned a specific severity rating but addresses an issue in the Linux kernel that could potentially lead to vulnerabilities in USB gadget operations.
Which versions of the Linux kernel are affected by CVE-2024-56698?
CVE-2024-56698 affects Linux kernel versions from 4.18 up to 6.12.2, with specific ranges outlined for each affected version.
How do I fix CVE-2024-56698?
To fix CVE-2024-56698, update your Linux kernel to at least version 6.1.123-1 or a newer version available in your distribution.
What is the nature of the vulnerability in CVE-2024-56698?
The vulnerability in CVE-2024-56698 is related to the improper handling of queued scatter-gather (SG) entries in the Linux kernel USB driver.
Has CVE-2024-56698 been resolved and how?
Yes, CVE-2024-56698 has been resolved through a fix that ensures correct decrementing of queued SG entry counts upon request completion.

CVE-2024-56698: usb: dwc3: gadget: Fix looping of queued SG entries

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-56698?

Which versions of the Linux kernel are affected by CVE-2024-56698?

How do I fix CVE-2024-56698?

What is the nature of the vulnerability in CVE-2024-56698?

Has CVE-2024-56698 been resolved and how?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-56698?

Which versions of the Linux kernel are affected by CVE-2024-56698?

How do I fix CVE-2024-56698?

What is the nature of the vulnerability in CVE-2024-56698?

Has CVE-2024-56698 been resolved and how?