Vulnerability-Lookup

BDU:2024-09373

Vulnerability from fstec - Published: 05.03.2024

Title

Уязвимость компонента dwc3-am62 ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента dwc3-am62 ядра операционной системы Linux связана с ошибками управления ресурсами. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «Ред Софт», Canonical Ltd., АО "НППКТ"

Software Name

Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Ubuntu, Linux, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

12 (Debian GNU/Linux), 7.3 (РЕД ОС), 24.04 LTS (Ubuntu), от 6.2 до 6.6.23 включительно (Linux), до 2.11 (ОСОН ОСнова Оnyx), от 6.7 до 6.7.11 включительно (Linux), от 6.8 до 6.8.2 включительно (Linux), от 5.19 до 6.1.83 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/T/#u Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-26963 Для Ubuntu: https://ubuntu.com/security/CVE-2024-26963 Обновление программного обеспечения linux до версии 6.6.36-0.osnova233

Reference

https://git.kernel.org/linus/6661befe41009c210efa2c1bcd16a5cc4cff8a06 https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975 https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06 https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3 https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/ https://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/T/#u https://redos.red-soft.ru/support/secure/ https://security-tracker.debian.org/tracker/CVE-2024-26963 https://ubuntu.com/security/CVE-2024-26963 https://ubuntu.com/security/notices/USN-6816-1 https://ubuntu.com/security/notices/USN-6817-1 https://ubuntu.com/security/notices/USN-6817-2 https://ubuntu.com/security/notices/USN-6817-3 https://ubuntu.com/security/notices/USN-6878-1 https://www.cve.org/CVERecord?id=CVE-2024-26963 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/

CWE

CWE-399

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Canonical Ltd., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 24.04 LTS (Ubuntu), \u043e\u0442 6.2 \u0434\u043e 6.6.23 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 6.7 \u0434\u043e 6.7.11 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.8 \u0434\u043e 6.8.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.19 \u0434\u043e 6.1.83 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/T/#u\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-26963\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2024-26963\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6.36-0.osnova233",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09373",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-26963",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Ubuntu, Linux, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Canonical Ltd. Ubuntu 24.04 LTS , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux 6.9 rc1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.7 \u0434\u043e 6.7.12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.8 \u0434\u043e 6.8.3 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.6 \u0434\u043e 6.6.24 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.19 \u0434\u043e 6.1.84 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 dwc3-am62 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 dwc3-am62 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/linus/6661befe41009c210efa2c1bcd16a5cc4cff8a06\nhttps://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c\nhttps://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975\nhttps://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06\nhttps://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d\nhttps://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3\nhttps://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/\nhttps://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/T/#u\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2024-26963\nhttps://ubuntu.com/security/CVE-2024-26963\nhttps://ubuntu.com/security/notices/USN-6816-1\nhttps://ubuntu.com/security/notices/USN-6817-1\nhttps://ubuntu.com/security/notices/USN-6817-2\nhttps://ubuntu.com/security/notices/USN-6817-3\nhttps://ubuntu.com/security/notices/USN-6878-1\nhttps://www.cve.org/CVERecord?id=CVE-2024-26963\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-399",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

CVE-2024-26963 (GCVE-0-2024-26963)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:00

Title

usb: dwc3-am62: fix module unload/reload behavior

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3-am62: fix module unload/reload behavior As runtime PM is enabled, the module can be runtime suspended when .remove() is called. Do a pm_runtime_get_sync() to make sure module is active before doing any register operations. Doing a pm_runtime_put_sync() should disable the refclk so no need to disable it again. Fixes the below warning at module removel. [ 39.705310] ------------[ cut here ]------------ [ 39.710004] clk:162:3 already disabled [ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8 We called of_platform_populate() in .probe() so call the cleanup function of_platform_depopulate() in .remove(). Get rid of the now unnnecessary dwc3_ti_remove_core(). Without this, module re-load doesn't work properly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6c6a45645a2e6a272…
	https://git.kernel.org/stable/c/7dfed9855397d0df4…
	https://git.kernel.org/stable/c/629b534c42d04f079…
	https://git.kernel.org/stable/c/3895780fabd120d0f…
	https://git.kernel.org/stable/c/6661befe41009c210…

Impacted products

Vendor

Product

Version

Linux

Affected: e8784c0aec03a2581ee55827ba694e129d6a57ad , < 6c6a45645a2e6a272dfde14eddbb6706de63c25d (git)
Affected: e8784c0aec03a2581ee55827ba694e129d6a57ad , < 7dfed9855397d0df4c6f748d1f66547ab3bad766 (git)
Affected: e8784c0aec03a2581ee55827ba694e129d6a57ad , < 629b534c42d04f0797980f2d1ed105fdb8906975 (git)
Affected: e8784c0aec03a2581ee55827ba694e129d6a57ad , < 3895780fabd120d0fbd54354014e85207b25687c (git)
Affected: e8784c0aec03a2581ee55827ba694e129d6a57ad , < 6661befe41009c210efa2c1bcd16a5cc4cff8a06 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T14:32:32.392082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T14:32:40.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-am62.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6c6a45645a2e6a272dfde14eddbb6706de63c25d",
              "status": "affected",
              "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad",
              "versionType": "git"
            },
            {
              "lessThan": "7dfed9855397d0df4c6f748d1f66547ab3bad766",
              "status": "affected",
              "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad",
              "versionType": "git"
            },
            {
              "lessThan": "629b534c42d04f0797980f2d1ed105fdb8906975",
              "status": "affected",
              "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad",
              "versionType": "git"
            },
            {
              "lessThan": "3895780fabd120d0fbd54354014e85207b25687c",
              "status": "affected",
              "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad",
              "versionType": "git"
            },
            {
              "lessThan": "6661befe41009c210efa2c1bcd16a5cc4cff8a06",
              "status": "affected",
              "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/dwc3/dwc3-am62.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3-am62: fix module unload/reload behavior\n\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\n\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\n\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\n\nFixes the below warning at module removel.\n\n[   39.705310] ------------[ cut here ]------------\n[   39.710004] clk:162:3 already disabled\n[   39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\n\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn\u0027t work properly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:55.552Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"
        },
        {
          "url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"
        },
        {
          "url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"
        },
        {
          "url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"
        }
      ],
      "title": "usb: dwc3-am62: fix module unload/reload behavior",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26963",
    "datePublished": "2024-05-01T05:19:24.573Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:55.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-09373

CVE-2024-26963 (GCVE-0-2024-26963)

Tags

Sightings

Nomenclature