CVE-2024-56698

usb: dwc3: gadget: Fix looping of queued SG entries

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.

INFO

Published Date :

2024-12-28T09:46:21.363Z

Last Modified :

2025-11-03T20:52:46.763Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2024-56698 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56698.

URL	Resource
https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28
https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627
https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859
https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7
https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec
https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524
https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2024-56698
https://www.cve.org/CVERecord?id=CVE-2024-56698

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact