CVE - CVE-2024-46675

CVE-ID
CVE-2024-46675	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this hardware quirk on Exynos platforms, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93 URL:https://git.kernel.org/stable/c/111277b881def3153335acfe0d1f43e6cd83ac93 MISC:https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9 URL:https://git.kernel.org/stable/c/14e497183df28c006603cc67fd3797a537eef7b9 MISC:https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b URL:https://git.kernel.org/stable/c/2189fd13c577d7881f94affc09c950a795064c4b MISC:https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab URL:https://git.kernel.org/stable/c/7bb11a75dd4d3612378b90e2a4aa49bdccea28ab MISC:https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f URL:https://git.kernel.org/stable/c/b72da4d89b97da71e056cc4d1429b2bc426a9c2f MISC:https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914 URL:https://git.kernel.org/stable/c/d2afc2bffec77316b90d530b07695e3f534df914 MISC:https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72 URL:https://git.kernel.org/stable/c/e23f6ad8d110bf632f7471482e10b43dc174fb72 MISC:https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f URL:https://git.kernel.org/stable/c/eca3f543f817da87c00d1a5697b473efb548204f
Assigning CNA
kernel.org
Date Record Created
20240911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)