Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26600

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
26/02/2024
Last modified:
05/11/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP<br /> <br /> If the external phy working together with phy-omap-usb2 does not implement<br /> send_srp(), we may still attempt to call it. This can happen on an idle<br /> Ethernet gadget triggering a wakeup for example:<br /> <br /> configfs-gadget.g1 gadget.0: ECM Suspend<br /> configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup<br /> ...<br /> Unable to handle kernel NULL pointer dereference at virtual address<br /> 00000000 when execute<br /> ...<br /> PC is at 0x0<br /> LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]<br /> ...<br /> musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]<br /> usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]<br /> eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c<br /> dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4<br /> sch_direct_xmit from __dev_queue_xmit+0x334/0xd88<br /> __dev_queue_xmit from arp_solicit+0xf0/0x268<br /> arp_solicit from neigh_probe+0x54/0x7c<br /> neigh_probe from __neigh_event_send+0x22c/0x47c<br /> __neigh_event_send from neigh_resolve_output+0x14c/0x1c0<br /> neigh_resolve_output from ip_finish_output2+0x1c8/0x628<br /> ip_finish_output2 from ip_send_skb+0x40/0xd8<br /> ip_send_skb from udp_send_skb+0x124/0x340<br /> udp_send_skb from udp_sendmsg+0x780/0x984<br /> udp_sendmsg from __sys_sendto+0xd8/0x158<br /> __sys_sendto from ret_fast_syscall+0x0/0x58<br /> <br /> Let&amp;#39;s fix the issue by checking for send_srp() and set_vbus() before<br /> calling them. For USB peripheral only cases these both could be NULL.

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.7.0 (including) 4.19.307 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20.0 (including) 5.4.269 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5.0 (including) 5.10.210 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11.0 (including) 5.15.149 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16.0 (including) 6.1.78 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2.0 (including) 6.6.17 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7.0 (including) 6.7.5 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools