CVE-2024-42244Resource Injection in Linux

CWE-99Resource Injection57 documents8 sources
Severity
5.5MEDIUMNVD
OSV7.8
EPSS
0.0%
top 90.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
LinuxLinux KernelDebian Linux+5 more
Timeline
PublishedAug 7
Latest updateAug 14

Description

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDlinux/linux_kernel3.35.10.222+4
Debianlinux/linux_kernel< 5.10.223-1+3
Ubuntulinux/linux_kernel< 5.4.0-200.220+4

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

27
OSV
linux-gkeop vulnerabilities2024-12-12
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2024-12-10
OSV
linux-iot vulnerabilities2024-11-19
OSV
linux-lowlatency, linux-lowlatency-hwe-6.8 vulnerabilities2024-11-19
OSV
linux-gke vulnerabilities2024-11-15

📋Vendor Advisories

29
CISA ICS
Siemens Third-Party Components in SINEC OS2025-08-14
Ubuntu
Linux kernel (GKE) vulnerabilities2024-12-12
Ubuntu
Linux kernel vulnerabilities2024-12-10
Ubuntu
Linux kernel (IoT) vulnerabilities2024-11-19
Ubuntu
Linux kernel (Low Latency) vulnerabilities2024-11-19
CVE-2024-42244 — Resource Injection in Linux | cvebase