CVE-2024-26919: usb: ulpi: Fix debugfs directory leak
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: Fix debugfs directory leak
The Linux kernel CVE team has assigned CVE-2024-26919 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024041738-CVE-2024-26919-5100@gregkh/T
Other sources
In the Linux kernel, the following vulnerability has been resolved:
usb: ulpi: Fix debugfs directory leak
The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. Change the directory name to match the ulpi device.
— NVD
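The name mismatch described in the NVD text above, modelled in user-space C as an added example (not kernel code and not part of the original advisory). The device names and the helpers dir_create, dir_remove and probe_cycle are hypothetical, and the model assumes that creating a directory name that already exists fails with -EEXIST.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIRS 8
#define NAME_LEN 32

/* Toy stand-in for the ULPI debugfs root: a flat set of directory names. */
static char dirs[MAX_DIRS][NAME_LEN];

static int dir_find(const char *name) {
    for (int i = 0; i < MAX_DIRS; i++)
        if (dirs[i][0] && strcmp(dirs[i], name) == 0)
            return i;
    return -1;
}

/* Model assumption: creating a name that already exists fails. */
static int dir_create(const char *name) {
    if (dir_find(name) >= 0)
        return -EEXIST;
    for (int i = 0; i < MAX_DIRS; i++)
        if (!dirs[i][0]) {
            snprintf(dirs[i], NAME_LEN, "%s", name);
            return 0;
        }
    return -ENOSPC;
}

/* Removal by name silently does nothing when no entry matches. */
static void dir_remove(const char *name) {
    int i = dir_find(name);
    if (i >= 0)
        dirs[i][0] = '\0';
}

/* Register, unregister, then register again (a deferred probe retry).
 * Returns the result of the second registration. */
static int probe_cycle(const char *create_name, const char *remove_name) {
    memset(dirs, 0, sizeof(dirs));
    int rc = dir_create(create_name);
    if (rc)
        return rc;
    dir_remove(remove_name);         /* a mismatched name leaves the entry behind */
    return dir_create(create_name);  /* the retry collides with the leaked entry */
}

int main(void) {
    /* Constructed names: directory named after the parent vs. the ulpi device. */
    printf("before fix: %d\n", probe_cycle("parent-dev", "parent-dev.ulpi"));
    printf("after fix:  %d\n", probe_cycle("parent-dev.ulpi", "parent-dev.ulpi"));
    return 0;
}
```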
Linux Kernel is vulnerable to a denial of service, caused by a debugfs directory leak. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-26919?
CVE-2024-26919 has been assessed as a moderate severity vulnerability affecting the Linux kernel.
What versions of Linux kernel are affected by CVE-2024-26919?
CVE-2024-26919 affects specific versions of the Linux kernel, including versions prior to 6.1.79, 6.6.18, 6.7.6, and 6.8 in Red Hat, and multiple versions in Debian.
How do I fix CVE-2024-26919?
To fix CVE-2024-26919, upgrade to the latest patched versions of the Linux kernel as specified by your distribution.
Is there an exploit for CVE-2024-26919?
At the time of reporting, there are no known active exploits for CVE-2024-26919.
What type of vulnerability is CVE-2024-26919?
CVE-2024-26919 is a debugfs directory leak vulnerability in the USB subsystem of the Linux kernel.