vulnerability

Debian: CVE-2024-56698: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Dec 28, 2024

Added

Jan 13, 2025

Modified

Mar 30, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Fix looping of queued SG entries

The dwc3_request->num_queued_sgs is decremented on completion. If a
partially completed request is handled, then the
dwc3_request->num_queued_sgs no longer reflects the total number of
num_queued_sgs (it would be cleared).

Correctly check the number of request SG entries remained to be prepare
and queued. Failure to do this may cause null pointer dereference when
accessing non-existent SG entry.

Solutions

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2024-56698
https://attackerkb.com/topics/CVE-2024-56698
CWE-476
DEBIAN-DLA-4075-1
DEBIAN-DLA-4076-1
EUVD-EUVD-2024-53346
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-53346

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report