PT-2024-31358 · Linux+6 · Linux Kernel+6
Karel Balej · Published 2024-08-15 · Updated 2025-09-29
CVE-2024-45006
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
A NULL pointer dereference vulnerability has been resolved in the Linux kernel. The issue occurs when re-enumerating full-speed devices after a failed address device command, which can trigger a NULL pointer dereference. This happens because the xhci_configure_endpoint() function checks and reserves bandwidth in software on Panther Point xHC, but the bandwidth table pointers are not set up properly after a failed address device command. The usb_ep0_reinit() function calls xhci_configure_endpoint(), leading to the NULL pointer dereference. To fix this, the bandwidth table pointers need to be set up correctly after a failed address device command, and checking for bandwidth should be avoided in cases where no actual endpoints are added or removed.
Recommendations
Update to Linux kernel version 6.6.50 or later to resolve the vulnerability.
As a temporary workaround, consider disabling the xhci_configure_endpoint() function until a patch is available.
Restrict access to the usb_ep0_reinit() function to minimize the risk of exploitation.
Avoid using the xhci_reserve_bandwidth() function in the affected API endpoint until the issue is resolved.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu