Unrated severityNVD Advisory· Published May 30, 2024· Updated May 4, 2025

USB: core: Fix access violation during port device removal

CVE-2024-36896

Description

In the Linux kernel, the following vulnerability has been resolved:

Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value.

It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it can be changed easily. Adding a check for hub == NULL prevents further problems.

The same bug exists in the disable_show() routine, and it can be fixed the same way.

Affected products

109

osv-coords108 versions
pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-kvm pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-kvm pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP5 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_5&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 4.18.0-553.16.1.rt7.357.el8_10+ 107 more
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 4.18.0-553.16.1.rt7.357.el8_10
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 6.4.0-150600.23.7.3.150600.12.2.7
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 5.14.21-150500.55.68.1.150500.6.31.1
- (no CPE)range: < 6.4.0-150600.23.7.3.150600.12.2.7
- (no CPE)range: < 6.4.0-17.1.1.51
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.4
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-1.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150600.1.5.1
- (no CPE)range: < 1-150600.13.3.7
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.4
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.2
- (no CPE)range: < 6.4.0-18.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-9.1
- (no CPE)range: < 6.4.0-25.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.33.57.1
- (no CPE)range: < 6.4.0-150600.8.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.1
- (no CPE)range: < 5.14.21-150500.13.58.1
- (no CPE)range: < 6.4.0-150600.10.5.1
- (no CPE)range: < 5.14.21-150500.55.68.1
- (no CPE)range: < 6.4.0-150600.23.7.3
Linux/Linuxcpe-rescue
Range: 6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000