CVE-2024-26964: usb: xhci: Add error handling in xhci_map_urb_for_dma

Published May 1, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Add error handling in xhcimapurbfordma

Currently xhcimapurbfordma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzallocnode() fails, then the following sgpcopytobuffer() can lead to crash since it tries to memcpy to NULL pointer.

So return -ENOMEM if kzalloc returns null pointer.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Add error handling in xhcimapurbfordma

The Linux kernel CVE team has assigned CVE-2024-26964 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26964-54c8@gregkh/T

Red Hat

Affected Software

16 affected componentsFixes available
redhat/kernel<5.15.154
5.15.154
redhat/kernel<6.1.84
6.1.84
redhat/kernel<6.6.24
6.6.24
redhat/kernel<6.7.12
6.7.12
redhat/kernel<6.8.3
6.8.3
redhat/kernel<6.9
6.9
Linux Linux kernel>=5.11<5.15.154
Linux Linux kernel>=5.16<6.1.84
Linux Linux kernel>=6.2<6.6.24
Linux Linux kernel>=6.7<6.7.12
Linux Linux kernel>=6.8<6.8.3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-1

Remediation

Patch Available

https://git.kernel.org/stable/c/4a49d24fdec0a802aa686a567a3989a9fdf4e5dd

Patch Available

https://git.kernel.org/stable/c/620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4

Patch Available

https://git.kernel.org/stable/c/7b6cc33593d7ccfc3011b290849cfa899db46757

Patch Available

https://git.kernel.org/stable/c/962300a360d24c5be5a188cda48da58a37e4304d

Patch Available

https://git.kernel.org/stable/c/b2c898469dfc388f619c6c972a28466cbb1442ea

Patch Available

https://git.kernel.org/stable/c/be95cc6d71dfd0cba66e3621c65413321b398052

Event History

May 1, 2024
CVE Published
via MITRE·05:19 AM
Data Sourced
via MITRE·05:19 AM
Description
Data Sourced
via Red Hat·04:24 PM
DescriptionSeverityAffected Software
Jun 8, 2024
Data Sourced
via Launchpad·01:11 AM
Description
Apr 28, 2025
Data Sourced
via Ubuntu·02:22 PM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-26964?

CVE-2024-26964 has been classified as a medium severity vulnerability based on its potential impact on system stability.

2

How do I fix CVE-2024-26964?

To fix CVE-2024-26964, you should upgrade to the kernel versions 5.15.154, 6.1.84, 6.6.24, 6.7.12, 6.8.3, or 6.9 depending on your system.

3

Which operating systems are affected by CVE-2024-26964?

CVE-2024-26964 affects various Linux distributions that utilize the Linux kernel versions below the specified fixed versions.

4

What is the impact of CVE-2024-26964 on the Linux kernel?

CVE-2024-26964 may cause inadequate error handling in the Linux kernel's USB subsystem, potentially leading to system instability.

5

Is CVE-2024-26964 related to any specific Linux kernel components?

Yes, CVE-2024-26964 specifically affects the xHCI USB host controller driver in the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203