Showing 1 - 2 of 2

CVE-2024-26934

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, device_del() waits for all ongoing sysfs attribute callbacks to complete. But usb_deauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished. The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfs_break_active_protection() function, which tells sysfs not to wait for the attribute callback. Reported-and-tested by: Yue Sun <samsun1006219@gmail.com> Reported by: xingwei lee <xrivendell7@gmail.com>

Related Files

Ubuntu Security Notice USN-6938-1: Posted Aug 1, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6938-1 - It was discovered that the device input subsystem in the Linux kernel did not properly handle the case when an event code falls outside of a bitmap. A local attacker could use this to cause a denial of service. é»„æ€èª discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.; tags | advisory, denial of service, kernel, local; systems | linux, ubuntu; advisories | CVE-2021-46932, CVE-2021-46960, CVE-2022-48619, CVE-2023-46343, CVE-2023-52444, CVE-2023-52449, CVE-2023-52620, CVE-2024-24857, CVE-2024-25739, CVE-2024-26840, CVE-2024-26884, CVE-2024-26886, CVE-2024-26934, CVE-2024-27020; SHA-256 | 2b1fe74bf4e050be2f9b24272b13e4eb597cb8e2474c9e01998d2ad12881b722; Download | Favorite | View

Ubuntu Security Notice USN-6898-1: Posted Jul 15, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6898-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.; tags | advisory, denial of service, overflow, kernel, local; systems | linux, ubuntu; advisories | CVE-2022-38096, CVE-2023-52880, CVE-2024-23307, CVE-2024-24861, CVE-2024-25739, CVE-2024-26642, CVE-2024-26654, CVE-2024-26687, CVE-2024-26812, CVE-2024-26813, CVE-2024-26828, CVE-2024-26923, CVE-2024-26926, CVE-2024-26934; SHA-256 | ee181d7c57544b38471cdfdd8a2ee4fb18baf1502aad94b568edad8babad667d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 272 files
Ubuntu 60 files
Debian 19 files
Gentoo 8 files
Apple 5 files
Google Security Research 4 files
Jann Horn 3 files
Spencer McIntyre 3 files
LiquidWorm 3 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2024-26934

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems