CVE-2024-45006— Linux kernel 安全漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2024-45006 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration. Usb core calls usb_ep0_reinit() in this case, which ends up calling xhci_configure_endpoint(). On Panther point xHC the xhci_configure_endpoint() function will additionally check and reserve bandwidth in software. Other hosts do this in hardware If xHC address device command fails then a new xhci_virt_device structure is allocated as part of re-enabling the slot, but the bandwidth table pointers are not set up properly here. This triggers the NULL pointer dereference the next time usb_ep0_reinit() is called and xhci_configure_endpoint() tries to check and reserve bandwidth [46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd [46710.713699] usb 3-1: Device not responding to setup address. [46710.917684] usb 3-1: Device not responding to setup address. [46711.125536] usb 3-1: device not accepting address 5, error -71 [46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008 [46711.125600] #PF: supervisor read access in kernel mode [46711.125603] #PF: error_code(0x0000) - not-present page [46711.125606] PGD 0 P4D 0 [46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI [46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1 [46711.125620] Hardware name: Gigabyte Technology Co., Ltd. [46711.125623] Workqueue: usb_hub_wq hub_event [usbcore] [46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c Fix this by making sure bandwidth table pointers are set up correctly after a failed address device command, and additionally by avoiding checking for bandwidth in cases like this where no actual endpoints are added or removed, i.e. only context for default control endpoint 0 is evaluated.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于xhci组件存在空指针解引用漏洞。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2024-45006 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2024-45006 的情报信息
请登录查看更多情报信息。
同批安全公告 · Linux · 2024-09-04 · 共 58 条
| CVE-2024-44989 | Linux kernel 安全漏洞 | |
| CVE-2024-45001 | Linux kernel 安全漏洞 | |
| CVE-2024-45004 | Linux kernel 安全漏洞 | |
| CVE-2024-45003 | Linux kernel 安全漏洞 | |
| CVE-2024-45002 | Linux kernel 安全漏洞 | |
| CVE-2024-45005 | Linux kernel 安全漏洞 | |
| CVE-2024-44993 | Linux kernel 安全漏洞 | |
| CVE-2024-44992 | Linux kernel 安全漏洞 | |
| CVE-2024-44990 | Linux kernel 安全漏洞 | |
| CVE-2024-44991 | Linux kernel 安全漏洞 | |
| CVE-2024-44994 | Linux kernel 安全漏洞 | |
| CVE-2024-44988 | Linux kernel 安全漏洞 | |
| CVE-2024-44987 | Linux kernel 安全漏洞 | |
| CVE-2024-44986 | Linux kernel 安全漏洞 | |
| CVE-2024-44985 | Linux kernel 安全漏洞 | |
| CVE-2024-44983 | Linux kernel 安全漏洞 | |
| CVE-2024-44984 | Linux kernel 安全漏洞 | |
| CVE-2024-44982 | Linux kernel 安全漏洞 | |
| CVE-2024-44981 | Linux kernel 安全漏洞 | |
| CVE-2024-44980 | Linux kernel 安全漏洞 |
显示前 20 条,共 58 条。 查看全部 → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-45006
暂无评论