CVE-2024-53070: Improper Control of a Resource Through its Lifetime in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 90.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: fix fault at system suspend if device was already runtime suspended

If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash.

Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

NVD        linux/linux_kernel   5.15.170  5.15.172  +3
Debian     linux/linux_kernel   < 6.1.119-1  +2
CVEListV5  linux/linux          073530898ebf44a9418434e899cfa9ca86945333  d9e65d461a9de037e7c9d584776d025cfce6d86d  +8
debian     debian/linux         < linux 6.1.119-1 (bookworm)
debian     debian/linux-6.1     < linux 6.1.119-1 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-363w-4gjr-hxxf: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended I (2024-11-19)
OSV
CVE-2024-53070: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If (2024-11-19)

📋 Vendor Advisories (2)

Red Hat
kernel: usb: dwc3: fix fault at system suspend if device was already runtime suspended (2024-11-19)
Debian
CVE-2024-53070: linux - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ... (2024)