Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2024-42244
HistoryAug 07, 2024 - 4:15 p.m.

CVE-2024-42244

2024-08-0716:15:47
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
6
linux kernel
vulnerability
usb serial driver
mos7840
crash
resume
fix

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

USB: serial: mos7840: fix crash on resume

Since commit c49cfa917025 (“USB: serial: use generic method if no
alternative is provided in usb serial layer”), USB serial core calls the
generic resume implementation when the driver has not provided one.

This can trigger a crash on resume with mos7840 since support for
multiple read URBs was added back in 2011. Specifically, both port read
URBs are now submitted on resume for open ports, but the context pointer
of the second URB is left set to the core rather than mos7840 port
structure.

Fix this by implementing dedicated suspend and resume functions for
mos7840.

Tested with Delock 87414 USB 2.0 to 4x serial adapter.

[ johan: analyse crash and rewrite commit message; set busy flag on
resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.35.10.222
OR
linuxlinux_kernelRange5.115.15.163
OR
linuxlinux_kernelRange5.166.1.100
OR
linuxlinux_kernelRange6.26.6.41
OR
linuxlinux_kernelRange6.76.9.10
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Related

cbl_mariner 2
vulnrichment 1
cvelist 1
osv 12
ubuntucve 1
cve 1
redhatcve 1
debiancve 1
nessus 13
openvas 5
oraclelinux 1
cbl_mariner
cbl_mariner
CVE-2024-42244 affecting package kernel for versions less than 6.6.43.1-7
2024-08-14 20:43:58
CVE-2024-42244 affecting package kernel for versions less than 5.15.164.1-1
2024-08-20 21:54:44
vulnrichment
vulnrichment
CVE-2024-42244 USB: serial: mos7840: fix crash on resume
2024-08-07 15:14:30
cvelist
cvelist
CVE-2024-42244 USB: serial: mos7840: fix crash on resume
2024-08-07 15:14:30
osv
osv
CVE-2024-42244
2024-08-07 16:15:47
linux - security update
2024-08-12 00:00:00
Security update for the Linux Kernel
2024-09-10 08:45:03
ubuntucve
ubuntucve
CVE-2024-42244
2024-08-07 00:00:00
cve
cve
CVE-2024-42244
2024-08-07 16:15:47
redhatcve
redhatcve
CVE-2024-42244
2024-08-08 17:47:41
debiancve
debiancve
CVE-2024-42244
2024-08-07 16:15:47
nessus
nessus
CBL Mariner 2.0 Security Update: kernel (CVE-2024-42244)
2024-08-22 00:00:00
Debian dsa-5747 : affs-modules-5.10.0-29-4kc-malta-di - security update
2024-08-12 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3189-1)
2024-09-11 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5747-1)
2024-08-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00
Ubuntu: Security Advisory (USN-7009-1)
2024-09-16 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-09-12 00:00:00

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.0%

JSON
Related for NVD:CVE-2024-42244
cbl_mariner2vulnrichment1cvelist1osv12ubuntucve1cve1redhatcve1debiancve1nessus13openvas5oraclelinux1