CVE-2024-26747

usb: roles: fix NULL pointer issue when put module's reference

Description

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference. This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.

Category

4.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1 patch
https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913 patch
https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa patch
https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734 patch
https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db patch
https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list

Frequently Asked Questions

What is the severity of CVE-2024-26747?
CVE-2024-26747 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26747?
To fix CVE-2024-26747, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26747 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26747 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26747?
CVE-2024-26747 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.