CVE-2024-26716
EPSS
0.04 % (16th)
Advisories
5
In the Linux kernel, the following vulnerability has been resolved:
usb: core: Prevent null pointer dereference in update_port_device_state
Currently, the function update_port_device_state gets the usb_hub from
udev->parent by calling usb_hub_to_struct_hub.
However, in case the actconfig or the maxchild is 0, the usb_hub would
be NULL and upon further accessing to get port_dev would result in null
pointer dereference.
Fix this by introducing an if check after the usb_hub is populated.
- CVE Status
- PUBLISHED
- CNA
- kernel.org
- Published Date
-
2024-04-03 15:15:53
(5 months ago) - Updated Date
-
2024-04-03 17:24:18
(5 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...