CVE-2024-56698

usb: dwc3: gadget: Fix looping of queued SG entries

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7 patch
https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28 patch
https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9 patch
https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627 patch
https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec patch
https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859 patch
https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524 patch

Frequently Asked Questions

What is the severity of CVE-2024-56698?
CVE-2024-56698 has been scored as a medium severity vulnerability.
How to fix CVE-2024-56698?
To fix CVE-2024-56698, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56698 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56698 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56698?
CVE-2024-56698 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.