vulnerability

Debian: CVE-2024-56698: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Dec 28, 2024	Jan 13, 2025	Aug 15, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Dec 28, 2024

Added

Jan 13, 2025

Modified

Aug 15, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3_request->num_queued_sgs is decremented on completion. If a
partially completed request is handled, then the
dwc3_request->num_queued_sgs no longer reflects the total number of
num_queued_sgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare
and queued. Failure to do this may cause null pointer dereference when
accessing non-existent SG entry.

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2024-56698
https://attackerkb.com/topics/CVE-2024-56698
CWE-476
DEBIAN-DLA-4075-1
DEBIAN-DLA-4076-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today