Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.18, < 5.10.231 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28Patch
- https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627Patch
- https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859Patch
- https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7Patch
- https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ecPatch
- https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524Patch
- https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9Patch
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
FAQ
What is CVE-2024-56698?
CVE-2024-56698 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially ...
How severe is CVE-2024-56698?
CVE-2024-56698 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56698?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.