CVE-2024-45027

Published: Sep 11, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->max_interrupters has been set, which happens in most (all?) cases, things get uglier, as xhci_mem_cleanup() unconditionally derefences xhci->interrupters. With prejudice. Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL. Found while debugging a DMA allocation issue that led the XHCI driver on this exact path.

Vendor	Product	Versions
Linux	Linux	affected `bcd191d7bab25513daf7db78ab32eda60d9484c3 - < 3efb29f6a78d4746f958c1ab6cd7981c5762f03b` affected `c99b38c412343053e9af187e595793c8805bb9b8 - < 770cacc75b0091ece17349195d72133912c1ca7c` affected `c99b38c412343053e9af187e595793c8805bb9b8 - < dcdb52d948f3a17ccd3fce757d9bd981d7c32039`
Linux	Linux	affected `6.8` unaffected `0 - < 6.8` unaffected `6.10.7 - <= 6.10.` unaffected `6.11 - <= `

References

https://git.kernel.org/stable/c/3efb29f6a78d4746f958c1ab6cd7981c5762f03b

https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c

https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-45027

Description

Affected Products

References