CVE-2024-36896: USB: core: Fix access violation during port device removal
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix access violation during port device removal
Testing with KASAN and syzkaller revealed a bug in port.c:disablestore(): usbhubtostructhub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value.
It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it can be changed easily. Adding a check for hub == NULL prevents further problems.
The same bug exists in the disableshow() routine, and it can be fixed the same way.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix access violation during port device removal
The Linux kernel CVE team has assigned CVE-2024-36896 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024053034-CVE-2024-36896-783f@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-36896?
CVE-2024-36896 has not been assigned a CVSS score but is considered a critical access violation vulnerability.
How do I fix CVE-2024-36896?
To fix CVE-2024-36896, update your kernel to the latest patched versions provided by your distribution.
What systems are affected by CVE-2024-36896?
CVE-2024-36896 affects multiple versions of the Linux kernel across various distributions, including Red Hat and Debian.
What type of vulnerability is CVE-2024-36896?
CVE-2024-36896 is an access violation vulnerability that occurs during the USB port device removal process.
Is there a specific patch for CVE-2024-36896?
Yes, patches for CVE-2024-36896 are included in kernel versions 6.1.91, 6.6.31, 6.8.10, 6.9, and specific Debian Linux kernel updates.