CVE-2024-57915 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2025-01-19

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-53818	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57915-fc93@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-57915
https://www.cve.org/CVERecord?id=CVE-2024-57915

History

Wed, 18 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Moderate`	threat_severity `None`

Thu, 13 Feb 2025 16:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::
Vendors & Products	Linux Linux linux Kernel
References	https://git.kernel.org/stable/c/0c50f00cc29948184af05bda31392fff5821f4f3 https://git.kernel.org/stable/c/1062b648bff63ed62b2d47a045e08ea9741d98ea https://git.kernel.org/stable/c/13014969cbf07f18d62ceea40bd8ca8ec9d36cec https://git.kernel.org/stable/c/3d730e8758c75b68a0152ee1ac48a270ea6725b4 https://git.kernel.org/stable/c/8e122d780a0f19aefd700dbd0b0e3ed3af0ae97f https://git.kernel.org/stable/c/d2de56cc45ee447f005d63217e84988b4f02faa9 https://git.kernel.org/stable/c/f5f33fb57aae12e4b0add79e0242f458ea0bc510

Thu, 13 Feb 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Considering that in some extreme cases, when performing the unbinding operation, gserial_disconnect has cleared gser->ioport, which triggers gadget reconfiguration, and then calls gs_read_complete, resulting in access to a null pointer. Therefore, ep is disabled before gserial_disconnect sets port to null to prevent this from happening. Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null	kernel: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null

Sun, 02 Feb 2025 10:30:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/1062b648bff63ed62b2d47a045e08ea9741d98ea https://git.kernel.org/stable/c/f5f33fb57aae12e4b0add79e0242f458ea0bc510

Fri, 31 Jan 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.13:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.13:rc6::::::
Vendors & Products		Linux Linux linux Kernel

Thu, 23 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/d2de56cc45ee447f005d63217e84988b4f02faa9

Mon, 20 Jan 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57915-fc93@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-57915 https://www.cve.org/CVERecord?id=CVE-2024-57915
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Sun, 19 Jan 2025 12:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Considering that in some extreme cases, when performing the unbinding operation, gserial_disconnect has cleared gser->ioport, which triggers gadget reconfiguration, and then calls gs_read_complete, resulting in access to a null pointer. Therefore, ep is disabled before gserial_disconnect sets port to null to prevent this from happening. Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84
Title		usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
References		https://git.kernel.org/stable/c/0c50f00cc29948184af05bda31392fff5821f4f3 https://git.kernel.org/stable/c/13014969cbf07f18d62ceea40bd8ca8ec9d36cec https://git.kernel.org/stable/c/3d730e8758c75b68a0152ee1ac48a270ea6725b4 https://git.kernel.org/stable/c/8e122d780a0f19aefd700dbd0b0e3ed3af0ae97f

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-01-19T11:52:36.460Z

Updated: 2025-02-13T15:28:03.202Z

Reserved: 2025-01-19T11:50:08.374Z

Link: CVE-2024-57915

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-01-19T12:15:25.673

Modified: 2025-02-13T16:16:43.287

Link: CVE-2024-57915

Redhat

Severity :

Publid Date: 2025-01-19T00:00:00Z

Links: CVE-2024-57915 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object