vulnerability

SUSE: CVE-2024-45006: SUSE Linux Security Advisory

Try Surface Command
Back to search
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Oct 8, 2024
Added
Dec 5, 2025
Modified
Dec 5, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

re-enumerating full-speed devices after a failed address device command
can trigger a NULL pointer dereference.

Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size
value during enumeration. Usb core calls usb_ep0_reinit() in this case,
which ends up calling xhci_configure_endpoint().

On Panther point xHC the xhci_configure_endpoint() function will
additionally check and reserve bandwidth in software. Other hosts do
this in hardware

If xHC address device command fails then a new xhci_virt_device structure
is allocated as part of re-enabling the slot, but the bandwidth table
pointers are not set up properly here.
This triggers the NULL pointer dereference the next time usb_ep0_reinit()
is called and xhci_configure_endpoint() tries to check and reserve
bandwidth

[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd
[46710.713699] usb 3-1: Device not responding to setup address.
[46710.917684] usb 3-1: Device not responding to setup address.
[46711.125536] usb 3-1: device not accepting address 5, error -71
[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008
[46711.125600] #PF: supervisor read access in kernel mode
[46711.125603] #PF: error_code(0x0000) - not-present page
[46711.125606] PGD 0 P4D 0
[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1
[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.
[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]
[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c

Fix this by making sure bandwidth table pointers are set up correctly
after a failed address device command, and additionally by avoiding
checking for bandwidth in cases like this where no actual endpoints are
added or removed, i.e. only context for default control endpoint 0 is
evaluated.

Solutions

suse-upgrade-cluster-md-kmp-64kbsuse-upgrade-cluster-md-kmp-azuresuse-upgrade-cluster-md-kmp-defaultsuse-upgrade-cluster-md-kmp-rtsuse-upgrade-dlm-kmp-64kbsuse-upgrade-dlm-kmp-azuresuse-upgrade-dlm-kmp-defaultsuse-upgrade-dlm-kmp-rtsuse-upgrade-dtb-allwinnersuse-upgrade-dtb-alterasuse-upgrade-dtb-amazonsuse-upgrade-dtb-amdsuse-upgrade-dtb-amlogicsuse-upgrade-dtb-apmsuse-upgrade-dtb-applesuse-upgrade-dtb-armsuse-upgrade-dtb-broadcomsuse-upgrade-dtb-caviumsuse-upgrade-dtb-exynossuse-upgrade-dtb-freescalesuse-upgrade-dtb-hisiliconsuse-upgrade-dtb-lgsuse-upgrade-dtb-marvellsuse-upgrade-dtb-mediateksuse-upgrade-dtb-nvidiasuse-upgrade-dtb-qcomsuse-upgrade-dtb-renesassuse-upgrade-dtb-rockchipsuse-upgrade-dtb-socionextsuse-upgrade-dtb-sprdsuse-upgrade-dtb-xilinxsuse-upgrade-gfs2-kmp-64kbsuse-upgrade-gfs2-kmp-azuresuse-upgrade-gfs2-kmp-defaultsuse-upgrade-gfs2-kmp-rtsuse-upgrade-kernel-64kbsuse-upgrade-kernel-64kb-develsuse-upgrade-kernel-64kb-extrasuse-upgrade-kernel-64kb-livepatch-develsuse-upgrade-kernel-64kb-optionalsuse-upgrade-kernel-azuresuse-upgrade-kernel-azure-develsuse-upgrade-kernel-azure-extrasuse-upgrade-kernel-azure-livepatch-develsuse-upgrade-kernel-azure-optionalsuse-upgrade-kernel-azure-vdsosuse-upgrade-kernel-debugsuse-upgrade-kernel-debug-develsuse-upgrade-kernel-debug-livepatch-develsuse-upgrade-kernel-debug-vdsosuse-upgrade-kernel-defaultsuse-upgrade-kernel-default-basesuse-upgrade-kernel-default-base-rebuildsuse-upgrade-kernel-default-develsuse-upgrade-kernel-default-extrasuse-upgrade-kernel-default-livepatchsuse-upgrade-kernel-default-livepatch-develsuse-upgrade-kernel-default-optionalsuse-upgrade-kernel-default-vdsosuse-upgrade-kernel-develsuse-upgrade-kernel-devel-azuresuse-upgrade-kernel-devel-rtsuse-upgrade-kernel-docssuse-upgrade-kernel-docs-htmlsuse-upgrade-kernel-kvmsmallsuse-upgrade-kernel-kvmsmall-develsuse-upgrade-kernel-kvmsmall-livepatch-develsuse-upgrade-kernel-kvmsmall-vdsosuse-upgrade-kernel-macrossuse-upgrade-kernel-obs-buildsuse-upgrade-kernel-obs-qasuse-upgrade-kernel-rtsuse-upgrade-kernel-rt-develsuse-upgrade-kernel-rt-extrasuse-upgrade-kernel-rt-livepatchsuse-upgrade-kernel-rt-livepatch-develsuse-upgrade-kernel-rt-optionalsuse-upgrade-kernel-rt-vdsosuse-upgrade-kernel-rt_debugsuse-upgrade-kernel-rt_debug-develsuse-upgrade-kernel-rt_debug-livepatch-develsuse-upgrade-kernel-rt_debug-vdsosuse-upgrade-kernel-sourcesuse-upgrade-kernel-source-azuresuse-upgrade-kernel-source-rtsuse-upgrade-kernel-source-vanillasuse-upgrade-kernel-symssuse-upgrade-kernel-syms-azuresuse-upgrade-kernel-syms-rtsuse-upgrade-kernel-zfcpdumpsuse-upgrade-kselftests-kmp-64kbsuse-upgrade-kselftests-kmp-azuresuse-upgrade-kselftests-kmp-defaultsuse-upgrade-kselftests-kmp-rtsuse-upgrade-ocfs2-kmp-64kbsuse-upgrade-ocfs2-kmp-azuresuse-upgrade-ocfs2-kmp-defaultsuse-upgrade-ocfs2-kmp-rtsuse-upgrade-reiserfs-kmp-64kbsuse-upgrade-reiserfs-kmp-azuresuse-upgrade-reiserfs-kmp-defaultsuse-upgrade-reiserfs-kmp-rt

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today