CVE-2024-42226
Published: July 31, 2024Last modified: June 17, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handle_tx_event() should not proceed, because if 'ep->skip' is set, the pointer to the endpoint ring is used. To prevent a potential failure and make the code logical, return after checking the completion code for a Transfer event without TRBs.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.6 |
| Attack Vector | PHYSICAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Unknown (6.1.33-r0) |
| Stream | linux-lts | Unknown (6.1.33-r0) |
References
- https://git.kernel.org/stable/c/1f4a10cb826fdec5cd442df010bcb3043bfd6464
- https://git.kernel.org/stable/c/66cb618bf0bb82859875b00eeffaf223557cb416
- https://git.kernel.org/stable/c/69bed24c82139bbad0a78a075e1834a2ea7bd064
- https://git.kernel.org/stable/c/948554f1bb16e15b90006c109c3a558c66d4c4ac
- https://git.kernel.org/stable/c/9a24eb8010c2dc6a2eba56e3eb9fc07d14ffe00a
- https://git.kernel.org/stable/c/c0ee01e8ba19ff7edc98f68a114d4789faa219b9