Unrated severityNVD Advisory· Published Apr 3, 2024· Updated May 4, 2025
usb: core: Prevent null pointer dereference in update_port_device_state
CVE-2024-26716
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: core: Prevent null pointer dereference in update_port_device_state
Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference.
Fix this by introducing an if check after the usb_hub is populated.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.