CVE-2024-42244

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 7, 2024
Updated: Aug 8, 2024

Summary

CVE-2024-42244: A vulnerability was identified in the mos7840 USB serial driver in the Linux kernel. Due to a coding error, the driver has no resume function of its own, so the generic resume implementation is called instead, which leads to a crash on resume. The issue dates from the introduction of multiple read URBs for open ports in 2011. To address it, dedicated suspend and resume functions have been implemented for mos7840. The vulnerability was confirmed with a Delock 87414 USB 2.0 to 4x serial adapter. The fix includes analyzing the crash, setting a busy flag on resume, dropping the bulk-in check, and removing the unnecessary usb_kill_urb() call.
