CVE-2024-56670

Published: Dic 27, 2024 Last Modified: Nov 03, 2025 EU-VD ID: EUVD-2024-53318
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer

Considering that in some extreme cases,
when u_serial driver is accessed by multiple threads,
Thread A is executing the open operation and calling the gs_open,
Thread B is executing the disconnect operation and calling the
gserial_disconnect function,The port->port_usb pointer will be set to NULL.

E.g.
Thread A Thread B
gs_open() gadget_unbind_driver()
gs_start_io() composite_disconnect()
gs_start_rx() gserial_disconnect()
... ...
spin_unlock(&port->port_lock)
status = usb_ep_queue() spin_lock(&port->port_lock)
spin_lock(&port->port_lock) port->port_usb = NULL
gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock)
Crash

This causes thread A to access a null pointer (port->port_usb is null)
when calling the gs_free_requests function, causing a crash.

If port_usb is NULL, the release request will be skipped as it
will be done by gserial_disconnect.

So add a null pointer check to gs_start_io before attempting
to access the value of the pointer port->port_usb.

Call trace:
gs_start_io+0x164/0x25c
gs_open+0x108/0x13c
tty_open+0x314/0x638
chrdev_open+0x1b8/0x258
do_dentry_open+0x2c4/0x700
vfs_open+0x2c/0x3c
path_openat+0xa64/0xc60
do_filp_open+0xb8/0x164
do_sys_openat2+0x84/0xf0
__arm64_sys_openat+0x70/0x9c
invoke_syscall+0x58/0x114
el0_svc_common+0x80/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x38/0x68

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,1th
Updated

EPSS Score Trend (Last 91 Days)

476

NULL Pointer Dereference

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality
Potential Impacts:
Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory
Applicable Platforms
Languages: C, C#, C++, Go, Java
Likelihood of Exploit: Medium
View CWE Details
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.5 (inclusive)
To 5.10.232 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.7 (inclusive)
To 6.12.6 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version 6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version 6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 2.6.27 (inclusive)
To 5.4.288 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.11 (inclusive)
To 5.15.175 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 6.2 (inclusive)
To 6.6.67 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Linux Kernel by Linux

Product Information
Vendor Linux
Product Linux Kernel
Version Range Affected
From 5.16 (inclusive)
To 6.1.121 (exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bed…
https://git.kernel.org/stable/c/1247e1df086aa6c17ab53cd1bedce70dd7132765
https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad…
https://git.kernel.org/stable/c/28b3c03a6790de1f6f2683919ad657840f0f0f58
https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8…
https://git.kernel.org/stable/c/4cfbca86f6a8b801f3254e0e3c8f2b1d2d64be2b
https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1d…
https://git.kernel.org/stable/c/4efdfdc32d8d6307f968cd99f1db64468471bab1
https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e…
https://git.kernel.org/stable/c/8ca07a3d18f39b1669927ef536e485787e856df6
https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544…
https://git.kernel.org/stable/c/c83213b6649d22656b3a4e92544ceeea8a2c6c07
https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460…
https://git.kernel.org/stable/c/dd6b0ca6025f64ccb465a6a3460c5b0307ed9c44
https://lists.debian.org/debian-lts-announce/2025/03/msg000…
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg000…
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html