CVE-2024-53070

usb: dwc3: fix fault at system suspend if device was already runtime suspended

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d patch
https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209 patch
https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789 patch
https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86 patch
https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b patch

Frequently Asked Questions

What is the severity of CVE-2024-53070?
CVE-2024-53070 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53070?
To fix CVE-2024-53070, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53070 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53070 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53070?
CVE-2024-53070 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.