CVE-2024-26919
Description
In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. Change the directory name to match the ulpi device.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description kernel: usb: ulpi: Fix debugfs directory leak CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10RHSA-2024:36272024-06-05T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.5.1.el8_10RHSA-2024:36182024-06-05T00:00:00Z Package state ProductPackageState…
Description
kernel: usb: ulpi: Fix debugfs directory leak
CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10 | RHSA-2024:3627 | 2024-06-05T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.5.1.el8_10 | RHSA-2024:3618 | 2024-06-05T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 9 | kernel | Not affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Apply commands
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Not affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| — | Affected | — |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | kernel-abi-stablelists-4.18.0-553.5.1.el8_10.noarch.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.7.7-1 |
| sid | Fixed | 6.7.7-1 |
| forky | Fixed | 6.7.7-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 6.1.82-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | — |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | — |
References
- https://errata.rockylinux.org/RLSA-2024:3627
- https://errata.rockylinux.org/RLSA-2024:3618
- https://www.suse.com/security/cve/CVE-2024-26919.html
- https://security-tracker.debian.org/tracker/CVE-2024-26919
- https://access.redhat.com/errata/RHSA-2024:3618
- https://bugzilla.redhat.com/2250843
- https://bugzilla.redhat.com/2257406
- https://bugzilla.redhat.com/2263875
- https://bugzilla.redhat.com/2265271
- https://bugzilla.redhat.com/2265646
- https://bugzilla.redhat.com/2265654
- https://bugzilla.redhat.com/2265833
- https://bugzilla.redhat.com/2266296
- https://bugzilla.redhat.com/2266446
- https://bugzilla.redhat.com/2266746
- https://bugzilla.redhat.com/2266841
- https://bugzilla.redhat.com/2267038
- https://bugzilla.redhat.com/2267185
- https://bugzilla.redhat.com/2267355
- https://bugzilla.redhat.com/2267509
- https://bugzilla.redhat.com/2267705
- https://bugzilla.redhat.com/2267724
- https://bugzilla.redhat.com/2267758
- https://bugzilla.redhat.com/2267789
- https://bugzilla.redhat.com/2267797
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.