HIGH · 7.8

CVE-2024-46674


Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: st: fix probed platform device ref count on probe error path

The probe function never performs any platform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Linux | Linux Kernel | >= 3.18, < 4.19.321

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-46674?

CVE-2024-46674 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: "usb: dwc3: st: fix probed platform device ref count on probe error path". The probe function never performs any platform device allo...

How severe is CVE-2024-46674?

CVE-2024-46674 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-46674?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.