SB2024060377 - Improper locking in Linux kernel USB core driver
Published: June 3, 2024 Updated: May 14, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-26933)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05
- https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c
- https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7
- https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e
- https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3