Fixed
Created: Apr 3, 2024
Updated: Jun 15, 2024
Resolved Date: Jun 14, 2024
Found In Version: 10.21.20.1
Fix Version: 10.21.20.22
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
usb: core: Prevent null pointer dereference in update_port_device_state
Currently, the function update_port_device_state gets the usb_hub from
udev->parent by calling usb_hub_to_struct_hub.
However, in case the actconfig or the maxchild is 0, the usb_hub would
be NULL and upon further accessing to get port_dev would result in null
pointer dereference.
Fix this by introducing an if check after the usb_hub is populated.
CREATE(Triage):(User=admin) CVE-2024-26716 (https://nvd.nist.gov/vuln/detail/CVE-2024-26716)