Release Date: | 2024-08-07 |
In the Linux kernel, the following vulnerability has been resolved:

USB: serial: mos7840: fix crash on resume

Since commit c49cfa917025 ('USB: serial: use generic method if no alternative is provided in usb serial layer'), USB serial core calls the generic resume implementation when the driver has not provided one.

This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure.

Fix this by implementing dedicated suspend and resume functions for mos7840.

Tested with Delock 87414 USB 2.0 to 4x serial adapter.

[ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]
See more information about CVE-2024-42244 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
Base Score: | 4.4 |
Vector String: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Version: | 3.1 |
Attack Vector: | Local |
Attack Complexity: | Low |
Privileges Required: | High |
User Interaction: | None |
Scope: | Unchanged |
Confidentiality: | None |
Integrity: | None |
Availability: | High |
Platform | Errata | Release Date |
Oracle Linux version 8 (kernel) | ELSA-2024-8856 | 2024-11-05 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
Oracle Linux version 9 (kernel) | ELSA-2024-10274 | 2024-11-26 |
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
This page is generated automatically and has not been checked for errors or omissions.