CVE-2024-57981

Summary

CVE-2024-57981: A vulnerability in the Linux kernel's USB xHCI controller has been resolved. This issue involved a NULL pointer dereference that could occur when handling command aborts. Specifically, if a command was queued to the final TRB (Table of Descriptors) of a ring segment and later aborted, the dequeue pointer would advance to the first TRB of the next segment. If no further commands were queued, the system assumed there was a pending command and attempted to set up a timer, crashing if the current command (cur_cmd) was NULL. To mitigate this issue, the system should only attempt timer setup if cur_cmd is not NULL. The subsequent doorbell ring is harmless and can be left alone. This issue may be related to Bug 219532 but confirmation is pending. The vulnerability has been independently reproduced and confirmed fixed using a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever. Normal system operation continued after preventing crashes.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.