SB2024070187 - Resource management error in Linux kernel usb dwc3 driver
Published: July 1, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070187
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2024-26963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dwc3_ti_remove_core() and dwc3_ti_remove() functions in drivers/usb/dwc3/dwc3-am62.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d
- https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766
- https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975
- https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c
- https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3