cve-2024-50075
Vulnerability from cvelistv5
Published
2024-10-29 00:50
Modified
2024-12-19 09:32
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less than total USB2 phy number supported by the Tegra XUSB controller. Using total USB2 phy number as port number to check all PORTSC values would cause invalid memory access. [ 116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f ... [ 117.213640] Call trace: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] process_scheduled_works+0x24c/0x478 [ 117.251007] worker_thread+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)
Impacted products
Vendor Product Version
Linux Linux Version: 6.3
Show details on NVD website


{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-tegra.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9c696bf4ab54c7cec81221887564305f0ceeac0a",
              "status": "affected",
              "version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
              "versionType": "git"
            },
            {
              "lessThan": "c46555f14b71f95a447f5d49fc3f1f80a1472da2",
              "status": "affected",
              "version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
              "versionType": "git"
            },
            {
              "lessThan": "7d381137cb6ecf558ef6698c7730ddd482d4c8f2",
              "status": "affected",
              "version": "a30951d31b250bf3479c00e93646b6cc6fb42a56",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-tegra.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.58",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: tegra: fix checked USB2 port number\n\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\na Virtual Function may be less than total USB2 phy number supported\nby the Tegra XUSB controller.\n\nUsing total USB2 phy number as port number to check all PORTSC values\nwould cause invalid memory access.\n\n[  116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\n...\n[  117.213640] Call trace:\n[  117.216783]  tegra_xusb_enter_elpg+0x23c/0x658\n[  117.222021]  tegra_xusb_runtime_suspend+0x40/0x68\n[  117.227260]  pm_generic_runtime_suspend+0x30/0x50\n[  117.232847]  __rpm_callback+0x84/0x3c0\n[  117.237038]  rpm_suspend+0x2dc/0x740\n[  117.241229] pm_runtime_work+0xa0/0xb8\n[  117.245769]  process_scheduled_works+0x24c/0x478\n[  117.251007]  worker_thread+0x23c/0x328\n[  117.255547]  kthread+0x104/0x1b0\n[  117.259389]  ret_from_fork+0x10/0x20\n[  117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:32:31.440Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9c696bf4ab54c7cec81221887564305f0ceeac0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c46555f14b71f95a447f5d49fc3f1f80a1472da2"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d381137cb6ecf558ef6698c7730ddd482d4c8f2"
        }
      ],
      "title": "xhci: tegra: fix checked USB2 port number",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-50075",
    "datePublished": "2024-10-29T00:50:17.304Z",
    "dateReserved": "2024-10-21T19:36:19.940Z",
    "dateUpdated": "2024-12-19T09:32:31.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-50075\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-29T01:15:04.613\",\"lastModified\":\"2024-11-01T15:51:59.300\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxhci: tegra: fix checked USB2 port number\\n\\nIf USB virtualizatoin is enabled, USB2 ports are shared between all\\nVirtual Functions. The USB2 port number owned by an USB2 root hub in\\na Virtual Function may be less than total USB2 phy number supported\\nby the Tegra XUSB controller.\\n\\nUsing total USB2 phy number as port number to check all PORTSC values\\nwould cause invalid memory access.\\n\\n[  116.923438] Unable to handle kernel paging request at virtual address 006c622f7665642f\\n...\\n[  117.213640] Call trace:\\n[  117.216783]  tegra_xusb_enter_elpg+0x23c/0x658\\n[  117.222021]  tegra_xusb_runtime_suspend+0x40/0x68\\n[  117.227260]  pm_generic_runtime_suspend+0x30/0x50\\n[  117.232847]  __rpm_callback+0x84/0x3c0\\n[  117.237038]  rpm_suspend+0x2dc/0x740\\n[  117.241229] pm_runtime_work+0xa0/0xb8\\n[  117.245769]  process_scheduled_works+0x24c/0x478\\n[  117.251007]  worker_thread+0x23c/0x328\\n[  117.255547]  kthread+0x104/0x1b0\\n[  117.259389]  ret_from_fork+0x10/0x20\\n[  117.263582] Code: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xhci: tegra: fix checked USB2 port number Si la virtualizaci\u00f3n USB est\u00e1 habilitada, los puertos USB2 se comparten entre todas las funciones virtuales. El n\u00famero de puerto USB2 que posee un concentrador ra\u00edz USB2 en una funci\u00f3n virtual puede ser menor que el n\u00famero total de puertos USB2 compatibles con el controlador Tegra XUSB. El uso del n\u00famero total de puertos USB2 como n\u00famero de puerto para verificar todos los valores PORTSC provocar\u00eda un acceso no v\u00e1lido a la memoria. [ 116.923438] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual 006c622f7665642f ... [ 117.213640] Rastreo de llamadas: [ 117.216783] tegra_xusb_enter_elpg+0x23c/0x658 [ 117.222021] tegra_xusb_runtime_suspend+0x40/0x68 [ 117.227260] pm_generic_runtime_suspend+0x30/0x50 [ 117.232847] __rpm_callback+0x84/0x3c0 [ 117.237038] rpm_suspend+0x2dc/0x740 [ 117.241229] pm_runtime_work+0xa0/0xb8 [ 117.245769] proceso_trabajo_programado+0x24c/0x478 [ 117.251007] subproceso_trabajador+0x23c/0x328 [ 117.255547] kthread+0x104/0x1b0 [ 117.259389] ret_from_fork+0x10/0x20 [ 117.263582] C\u00f3digo: 54000222 f9461ae8 f8747908 b4ffff48 (f9400100)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3\",\"versionEndExcluding\":\"6.6.58\",\"matchCriteriaId\":\"591A1F12-B1AF-4766-A668-EF6389C97C28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.5\",\"matchCriteriaId\":\"6E62D61A-F704-44DB-A311-17B7534DA7BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7d381137cb6ecf558ef6698c7730ddd482d4c8f2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9c696bf4ab54c7cec81221887564305f0ceeac0a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c46555f14b71f95a447f5d49fc3f1f80a1472da2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.