Linux · Linux Kernel · CVE-2024-26715
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
The issue is related to a NULL pointer dereference in the `dwc3 gadget suspend()` function. This can occur when Plug-out and Plug-In actions are performed continuously, leading to a situation where the `dwc->gadget driver` variable is checked and found to be NULL, resulting in a NULL pointer dereference. The call stack involves `gadget unbind driver`, `dwc3 suspend common`, `dwc3 gadget stop`, `dwc3 gadget suspend`, and `dwc3 disconnect gadget` functions. This issue can potentially allow an attacker to cause a denial of service.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.