Executive Summary

Informations
Name CVE-2024-45006 First vendor Publication 2024-09-04
Vendor Cve Last vendor Modification 2024-09-06

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference.

Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration. Usb core calls usb_ep0_reinit() in this case, which ends up calling xhci_configure_endpoint().

On Panther point xHC the xhci_configure_endpoint() function will additionally check and reserve bandwidth in software. Other hosts do this in hardware

If xHC address device command fails then a new xhci_virt_device structure is allocated as part of re-enabling the slot, but the bandwidth table pointers are not set up properly here. This triggers the NULL pointer dereference the next time usb_ep0_reinit() is called and xhci_configure_endpoint() tries to check and reserve bandwidth

[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd [46710.713699] usb 3-1: Device not responding to setup address. [46710.917684] usb 3-1: Device not responding to setup address. [46711.125536] usb 3-1: device not accepting address 5, error -71 [46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 [46711.125600] #PF: supervisor read access in kernel mode [46711.125603] #PF: error_code(0x0000) - not-present page [46711.125606] PGD 0 P4D 0 [46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI [46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 [46711.125620] Hardware name: Gigabyte Technology Co., Ltd. [46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] [46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c

Fix this by making sure bandwidth table pointers are set up correctly after a failed address device command, and additionally by avoiding checking for bandwidth in cases like this where no actual endpoints are added or removed, i.e. only context for default control endpoint 0 is evaluated.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45006

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3602

Sources (Detail)

https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59
https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d
https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea
https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1
https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd
https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b
https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656
https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2024-10-03 02:53:34
  • Multiple Updates
2024-10-02 02:51:58
  • Multiple Updates
2024-09-14 21:29:51
  • Multiple Updates
2024-09-12 00:27:28
  • Multiple Updates
2024-09-06 21:27:26
  • Multiple Updates
2024-09-05 17:27:24
  • Multiple Updates
2024-09-05 00:27:25
  • First insertion