{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-45006",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-08-21T05:34:56.679Z",
        "datePublished": "2024-09-04T19:54:48.353Z",
        "dateUpdated": "2024-09-15T17:56:52.623Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-09-15T17:56:52.623Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/usb/host/xhci.c"
                    ],
                    "versions": [
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "ef0a0e616b27",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "a57b0ebabe68",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "0f0654318e25",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "365ef7c4277f",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "5ad898ae8241",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "6b99de301d78",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "8fb9d412ebe2",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "651aaf36a7d7",
                            "lessThan": "af8e119f52e9",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/usb/host/xhci.c"
                    ],
                    "versions": [
                        {
                            "version": "4.15",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "4.15",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.321",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.283",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.225",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.166",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.1.107",
                            "lessThanOrEqual": "6.1.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.6.48",
                            "lessThanOrEqual": "6.6.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.10.7",
                            "lessThanOrEqual": "6.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "6.11",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6"
                },
                {
                    "url": "https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b"
                },
                {
                    "url": "https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59"
                },
                {
                    "url": "https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d"
                },
                {
                    "url": "https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea"
                },
                {
                    "url": "https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1"
                },
                {
                    "url": "https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd"
                },
                {
                    "url": "https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656"
                }
            ],
            "title": "xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-09-04T20:18:09.033910Z",
                                "id": "CVE-2024-45006",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-04T20:18:29.841Z"
                }
            }
        ]
    }
}