CVE-2024-26659 — Out-of-bounds Write in Linux
Severity
5.5MEDIUMNVD
OSV7.0OSV6.5
EPSS
0.0%
top 99.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 2
Latest updateAug 2
Description
In the Linux kernel, the following vulnerability has been resolved:
xhci: handle isoc Babble and Buffer Overrun events properly
xHCI 4.9 explicitly forbids assuming that the xHC has released its
ownership of a multi-TRB TD when it reports an error on one of the
early TRBs. Yet the driver makes such assumption and releases the TD,
allowing the remaining TRBs to be freed or overwritten by new TDs.
The xHC should also report completion of the final TRB due to its IOC
flag being set by us, regard…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux04e51901dd44f40a5a385ced897f6bca87d5f40a — 696e4112e5c1ee61996198f0ebb6ca3fab55166e+6
Also affects: Debian Linux 10.0
Patches
🔴Vulnerability Details
17📋Vendor Advisories
17💬Community
1Bugzilla
▶