{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-53070", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-11-19T17:17:24.976Z", "datePublished": "2024-11-19T17:22:37.706Z", "dateUpdated": "2024-12-19T09:38:25.820Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:38:25.820Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: fix fault at system suspend if device was already runtime suspended\n\nIf the device was already runtime suspended then during system suspend\nwe cannot access the device registers else it will crash.\n\nAlso we cannot access any registers after dwc3_core_exit() on some\nplatforms so move the dwc3_enable_susphy() call to the top."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/core.c"], "versions": [{"version": "073530898ebf44a9418434e899cfa9ca86945333", "lessThan": "d9e65d461a9de037e7c9d584776d025cfce6d86d", "status": "affected", "versionType": "git"}, {"version": "85ca88f93162acb94dbcb26d0ee2b145864d14a1", "lessThan": "562804b1561cc248cc37746a1c96c83cab1d7209", "status": "affected", "versionType": "git"}, {"version": "4fad7370086797afe6471493e3a5f36add8c48a7", "lessThan": "4abc5ee334fe4aba50461c45fdaaa4c5e5c57789", "status": "affected", "versionType": "git"}, {"version": "a690a9e38e6ba819789074388de7cff06425ef5b", "lessThan": "06b98197b69e2f2af9cb1991ee0b1c876edf7b86", "status": "affected", "versionType": "git"}, {"version": "705e3ce37bccdf2ed6f848356ff355f480d51a91", "lessThan": "9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/core.c"], "versions": [{"version": "5.15.170", "lessThan": "5.15.172", "status": "affected", "versionType": "semver"}, {"version": "6.1.115", "lessThan": "6.1.117", "status": "affected", "versionType": "semver"}, {"version": "6.6.59", "lessThan": "6.6.61", "status": "affected", "versionType": "semver"}, {"version": "6.11.5", "lessThan": "6.11.8", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d"}, {"url": "https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209"}, {"url": "https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789"}, {"url": "https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86"}, {"url": "https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b"}], "title": "usb: dwc3: fix fault at system suspend if device was already runtime suspended", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CC09466-A4C0-4FE6-AC81-F620B65EC4AF", "versionEndExcluding": "5.15.172", "versionStartIncluding": "5.15.170", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CACEF6C4-89D7-488E-8023-41C8325AA271", "versionEndExcluding": "6.1.117", "versionStartIncluding": "6.1.115", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "962E4D7B-164B-4604-A273-17BDEBC12DA1", "versionEndExcluding": "6.6.61", "versionStartIncluding": "6.6.59", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "744A9D07-6FE7-48A4-BA82-4A599235CEC6", "versionEndExcluding": "6.11.8", "versionStartIncluding": "6.11.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: fix fault at system suspend if device was already runtime suspended\n\nIf the device was already runtime suspended then during system suspend\nwe cannot access the device registers else it will crash.\n\nAlso we cannot access any registers after dwc3_core_exit() on some\nplatforms so move the dwc3_enable_susphy() call to the top."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: se corrige un error en la suspensi\u00f3n del sistema si el dispositivo ya estaba suspendido en tiempo de ejecuci\u00f3n. Si el dispositivo ya estaba suspendido en tiempo de ejecuci\u00f3n, durante la suspensi\u00f3n del sistema no podemos acceder a los registros del dispositivo, de lo contrario, se bloquear\u00e1. Adem\u00e1s, no podemos acceder a ning\u00fan registro despu\u00e9s de dwc3_core_exit() en algunas plataformas, por lo que movemos la llamada dwc3_enable_susphy() al principio."}], "id": "CVE-2024-53070", "lastModified": "2024-11-25T20:53:55.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-19T18:15:26.700", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/06b98197b69e2f2af9cb1991ee0b1c876edf7b86"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4abc5ee334fe4aba50461c45fdaaa4c5e5c57789"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/562804b1561cc248cc37746a1c96c83cab1d7209"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cfb31e4c89d200d8ab7cb1e0bb9e6e8d621ca0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d9e65d461a9de037e7c9d584776d025cfce6d86d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: usb: dwc3: fix fault at system suspend if device was already runtime suspended", "id": "2327332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327332"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: dwc3: fix fault at system suspend if device was already runtime suspended\nIf the device was already runtime suspended then during system suspend\nwe cannot access the device registers else it will crash.\nAlso we cannot access any registers after dwc3_core_exit() on some\nplatforms so move the dwc3_enable_susphy() call to the top."], "name": "CVE-2024-53070", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53070\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53070\nhttps://lore.kernel.org/linux-cve-announce/2024111933-CVE-2024-53070-6eea@gregkh/T"], "threat_severity": "Moderate"}