Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-36977
HistoryJun 18, 2024 - 12:00 a.m.

CVE-2024-36977

2024-06-1800:00:00
ubuntu.com
ubuntu.com
4
linux
kernel
usb
vulnerability
resolved
dwc3 controller
smmu faults
endxfer completion

AI Score

6.6

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved: usb:
dwc3: Wait unconditionally after issuing EndXfer command Currently all
controller IP/revisions except DWC3_usb3 >= 310a wait 1ms unconditionally
for ENDXFER completion when IOC is not set. This is because DWC_usb3
controller revisions >= 3.10a supports GUCTL2[14: Rst_actbitlater] bit
which allows polling CMDACT bit to know whether ENDXFER command is
completed. Consider a case where an IN request was queued, and parallelly
soft_disconnect was called (due to ffs_epfile_release). This eventually
calls stop_active_transfer with IOC cleared, hence send_gadget_ep_cmd()
skips waiting for CMDACT cleared during EndXfer. For DWC3 controllers with
revisions >= 310a, we don’t forcefully wait for 1ms either, and we proceed
by unmapping the requests. If ENDXFER didn’t complete by this time, it
leads to SMMU faults since the controller would still be accessing those
requests. Fix this by ensuring ENDXFER completion by adding 1ms delay in
__dwc3_stop_active_transfer() unconditionally.

Related

nvd 1
vulnrichment 1
cvelist 1
osv 10
debiancve 1
cve 1
redhatcve 1
ubuntu 4
openvas 7
nessus 8
mageia 2
nvd
nvd
CVE-2024-36977
2024-06-18 20:15:13
vulnrichment
vulnrichment
CVE-2024-36977 usb: dwc3: Wait unconditionally after issuing EndXfer command
2024-06-18 19:27:58
cvelist
cvelist
CVE-2024-36977 usb: dwc3: Wait unconditionally after issuing EndXfer command
2024-06-18 19:27:58
osv
osv
CVE-2024-36977
2024-06-18 20:15:13
UBUNTU-CVE-2024-36977
2024-06-18 20:15:00
linux-azure vulnerabilities
2024-08-13 18:11:04
debiancve
debiancve
CVE-2024-36977
2024-06-18 20:15:13
cve
cve
CVE-2024-36977
2024-06-18 20:15:13
redhatcve
redhatcve
CVE-2024-36977
2024-06-18 23:18:05
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-08-09 00:00:00
Linux kernel (OEM) vulnerabilities
2024-08-12 00:00:00
Linux kernel vulnerabilities
2024-08-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6949-1)
2024-08-09 00:00:00
Ubuntu: Security Advisory (USN-6952-1)
2024-08-09 00:00:00
Ubuntu: Security Advisory (USN-6949-2)
2024-08-14 00:00:00
nessus
nessus
Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6955-1)
2024-08-12 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6952-1)
2024-08-09 00:00:00
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6949-2)
2024-08-13 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-07-14 08:23:38
Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities
2024-07-13 10:54:44

AI Score

6.6

Confidence

High

JSON
Related for UB:CVE-2024-36977
nvd1vulnrichment1cvelist1osv10debiancve1cve1redhatcve1ubuntu4openvas7nessus8mageia2