DEBIAN-CVE-2024-26747

DEBIAN-CVE-2024-26747 PUBLISHED CVSS 4.400000095367432 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the reference after the user put the usb_role_switch device. However, the parent device of usb_role_switch may be removed before the user put the usb_role_switch. If so, then, NULL pointer issue will be met when the user put the parent module's reference. This will save the module pointer in structure of usb_role_switch. Then, we don't need to find module by iterating long relations.

Risk Scores

CVSS v3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0
Debian:12	linux	0, 6.1.27-1, 6.1.37-1
Debian:11	linux	*, 5.10.92-2, 5.10.209-1
Debian:14	linux	0, 0

Timeline

Apr 3, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-26747 advisory

Open in Interactive Console →