CVE-2024-26659
Published: Apr 2, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior errors. This event cannot be recognized if the TD has already been freed earlier, resulting in "Transfer event TRB DMA ptr not part of current TD" error message. Fix this by reusing the logic for processing isoc Transaction Errors. This also handles hosts which fail to report the final completion. Fix transfer length reporting on Babble errors. They may be caused by device malfunction, no guarantee that the buffer has been filled.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 04e51901dd44f40a5a385ced897f6bca87d5f40a - < 696e4112e5c1ee61996198f0ebb6ca3fab55166eaffected 04e51901dd44f40a5a385ced897f6bca87d5f40a - < 2aa7bcfdbb46241c701811bbc0d64d7884e3346caffected 04e51901dd44f40a5a385ced897f6bca87d5f40a - < 2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3affected 04e51901dd44f40a5a385ced897f6bca87d5f40a - < f5e7ffa9269a448a720e21f1ed1384d118298c97affected 04e51901dd44f40a5a385ced897f6bca87d5f40a - < 418456c0ce56209610523f21734c5612ee634134+1 more versions |
Linux | Linux | affected 2.6.36unaffected 0 - < 2.6.36unaffected 5.10.213 - <= 5.10.*unaffected 5.15.152 - <= 5.15.*unaffected 6.1.82 - <= 6.1.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now