CVE-2024-46674: Use After Free in Linux

CWE-416 Use After Free
7 documents | 7 sources

Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 97.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 13 | Latest update Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: st: fix probed platform device ref count on probe error path

The probe function never performs any platform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when relea

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (13 packages)

NVD | linux/linux_kernel | 3.18 | 4.19.321 | +7
Debian | linux/linux_kernel | < 5.10.226-1 | +3
CVEListV5 | linux/linux | f83fca0707c66e36f14efef7f68702cb12de70b7 | b0979a885b9d4df2a25b88e9d444ccaa5f9f495c | +8

Patches

🔴 Vulnerability Details (2)

OSV | 2024-09-13
CVE-2024-46674: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe
GHSA | 2024-09-13
GHSA-r3gx-4wx6-8mr3: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The prob

📋 Vendor Advisories (4)

CISA ICS | 2025-08-14
Siemens Third-Party Components in SINEC OS
Red Hat | 2024-09-13
kernel: usb: dwc3: st: fix probed platform device ref count on probe error path
Microsoft | 2024-09-10
usb: dwc3: st: fix probed platform device ref count on probe error path
Debian | 2024
CVE-2024-46674: linux - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ...