{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26963", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.201Z", "datePublished": "2024-05-01T05:19:24.573Z", "dateUpdated": "2025-05-04T09:00:55.552Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:00:55.552Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3-am62: fix module unload/reload behavior\n\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\n\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\n\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\n\nFixes the below warning at module removel.\n\n[ 39.705310] ------------[ cut here ]------------\n[ 39.710004] clk:162:3 already disabled\n[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\n\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn't work properly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/dwc3-am62.c"], "versions": [{"version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "6c6a45645a2e6a272dfde14eddbb6706de63c25d", "status": "affected", "versionType": "git"}, {"version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "7dfed9855397d0df4c6f748d1f66547ab3bad766", "status": "affected", "versionType": "git"}, {"version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "629b534c42d04f0797980f2d1ed105fdb8906975", "status": "affected", "versionType": "git"}, {"version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "3895780fabd120d0fbd54354014e85207b25687c", "status": "affected", "versionType": "git"}, {"version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "6661befe41009c210efa2c1bcd16a5cc4cff8a06", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/dwc3-am62.c"], "versions": [{"version": "5.19", "status": "affected"}, {"version": "0", "lessThan": "5.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.24", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.12", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.3", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.1.84"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.6.24"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.7.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.8.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.19", "versionEndExcluding": "6.9"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"}, {"url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"}, {"url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"}, {"url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"}, {"url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"}], "title": "usb: dwc3-am62: fix module unload/reload behavior", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T14:32:32.392082Z", "id": "CVE-2024-26963", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:32:40.225Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.692Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.692Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26963", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T14:32:32.392082Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T14:32:37.361Z"}}], "cna": {"title": "usb: dwc3-am62: fix module unload/reload behavior", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "6c6a45645a2e6a272dfde14eddbb6706de63c25d", "versionType": "git"}, {"status": "affected", "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "7dfed9855397d0df4c6f748d1f66547ab3bad766", "versionType": "git"}, {"status": "affected", "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "629b534c42d04f0797980f2d1ed105fdb8906975", "versionType": "git"}, {"status": "affected", "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "3895780fabd120d0fbd54354014e85207b25687c", "versionType": "git"}, {"status": "affected", "version": "e8784c0aec03a2581ee55827ba694e129d6a57ad", "lessThan": "6661befe41009c210efa2c1bcd16a5cc4cff8a06", "versionType": "git"}], "programFiles": ["drivers/usb/dwc3/dwc3-am62.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.19"}, {"status": "unaffected", "version": "0", "lessThan": "5.19", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.84", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.24", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.12", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8.3", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/usb/dwc3/dwc3-am62.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"}, {"url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"}, {"url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"}, {"url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"}, {"url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3-am62: fix module unload/reload behavior\n\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\n\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\n\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\n\nFixes the below warning at module removel.\n\n[ 39.705310] ------------[ cut here ]------------\n[ 39.710004] clk:162:3 already disabled\n[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\n\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn't work properly."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.84", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.24", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.12", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.3", "versionStartIncluding": "5.19"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "5.19"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:00:55.552Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26963", "state": "PUBLISHED", "dateUpdated": "2025-05-04T09:00:55.552Z", "dateReserved": "2024-02-19T14:20:24.201Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:19:24.573Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3-am62: fix module unload/reload behavior\n\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\n\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\n\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\n\nFixes the below warning at module removel.\n\n[ 39.705310] ------------[ cut here ]------------\n[ 39.710004] clk:162:3 already disabled\n[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\n\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn't work properly."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3-am62: corrige el comportamiento de descarga/recarga del m\u00f3dulo. Como el PM en tiempo de ejecuci\u00f3n est\u00e1 habilitado, el tiempo de ejecuci\u00f3n del m\u00f3dulo se puede suspender cuando se llama a .remove(). Realice pm_runtime_get_sync() para asegurarse de que el m\u00f3dulo est\u00e9 activo antes de realizar cualquier operaci\u00f3n de registro. Hacer pm_runtime_put_sync() deber\u00eda deshabilitar refclk, por lo que no es necesario deshabilitarlo nuevamente. Corrige la siguiente advertencia al eliminar el m\u00f3dulo. [39.705310] ------------[ cortar aqu\u00ed ]------------ [ 39.710004] clk:162:3 ya deshabilitado [ 39.713941] ADVERTENCIA: CPU: 0 PID : 921 en drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8 Llamamos a of_platform_populate() en .probe(), as\u00ed que llame a la funci\u00f3n de limpieza of_platform_depopulate() en .remove(). Desh\u00e1gase del ahora innecesario dwc3_ti_remove_core(). Sin esto, la recarga del m\u00f3dulo no funciona correctamente."}], "id": "CVE-2024-26963", "lastModified": "2024-11-21T09:03:30.133", "metrics": {}, "published": "2024-05-01T06:15:12.610", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/3895780fabd120d0fbd54354014e85207b25687c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/629b534c42d04f0797980f2d1ed105fdb8906975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6661befe41009c210efa2c1bcd16a5cc4cff8a06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/6c6a45645a2e6a272dfde14eddbb6706de63c25d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7dfed9855397d0df4c6f748d1f66547ab3bad766"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: usb: dwc3-am62: fix module unload/reload behavior", "id": "2278172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278172"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nusb: dwc3-am62: fix module unload/reload behavior\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\nFixes the below warning at module removel.\n[ 39.705310] ------------[ cut here ]------------\n[ 39.710004] clk:162:3 already disabled\n[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn't work properly.", "A vulnerability was found in the Linux kernel's USB dwc3-am62.c driver, where improper checks may lead to a kernel panic or a module reload failure. This issue occurs because when the .remove() function is called, the module might already be in a runtime-suspended state, meaning the hardware may be powered off. However, the function still attempts to interact with the registers and clocks, possibly leading to system or USB device instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26963", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26963\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26963\nhttps://lore.kernel.org/linux-cve-announce/2024050130-CVE-2024-26963-3eac@gregkh/T"], "statement": "Red Hat Enterprise Linux is not impacted by this CVE, as the vulnerability in question does not affect the specific versions or configurations of the Linux kernel used in its distributions. This ensures that users of Red Hat Enterprise Linux are not exposed to the potential risks associated with this issue, and no further action or mitigation is necessary for systems running this operating system.", "threat_severity": "Moderate"}