Vulnerability Details : CVE-2024-26659
In the Linux kernel, the following vulnerability has been resolved:
xhci: handle isoc Babble and Buffer Overrun events properly
xHCI 4.9 explicitly forbids assuming that the xHC has released its
ownership of a multi-TRB TD when it reports an error on one of the
early TRBs. Yet the driver makes such assumption and releases the TD,
allowing the remaining TRBs to be freed or overwritten by new TDs.
The xHC should also report completion of the final TRB due to its IOC
flag being set by us, regardless of prior errors. This event cannot
be recognized if the TD has already been freed earlier, resulting in
"Transfer event TRB DMA ptr not part of current TD" error message.
Fix this by reusing the logic for processing isoc Transaction Errors.
This also handles hosts which fail to report the final completion.
Fix transfer length reporting on Babble errors. They may be caused by
device malfunction, no guarantee that the buffer has been filled.
Vulnerability category: Overflow
Products affected by CVE-2024-26659
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-26659
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-26659
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2025-03-17 |
CWE ids for CVE-2024-26659
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-26659
-
https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/f5e7ffa9269a448a720e21f1ed1384d118298c97
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/2e3ec80ea7ba58bbb210e83b5a0afefee7c171d3
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/418456c0ce56209610523f21734c5612ee634134
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/2aa7bcfdbb46241c701811bbc0d64d7884e3346c
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/7c4650ded49e5b88929ecbbb631efb8b0838e811
xhci: handle isoc Babble and Buffer Overrun events properly - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
[SECURITY] [DLA 3842-1] linux-5.10 security updateMailing List
Jump to