CVE-2024-45027 Information

Description

In the Linux kernel the following vulnerability has been resolved:

usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()

If xhci_mem_init() fails it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after xhci->max_interrupters has been set, which happens in most (all?) cases, things get uglier as xhci_mem_cleanup() unconditionally dereferences xhci->interrupters. With prejudice.

Gate the interrupt freeing loop with a check on xhci->interrupters being non-NULL.

Found while debugging a DMA allocation issue that led the XHCI driver on this exact path.
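The failure mode described above, as an added user-space C model (not the kernel's code and not taken from the referenced commits): init records the interrupter count, fails before allocating the array, and cleanup must not index the NULL array. The struct, function names and the fail_early parameter are hypothetical stand-ins for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver state named in the description. */
struct model_interrupter { void *ring; };

struct model_hcd {
    unsigned int max_interrupters;           /* set early in init */
    struct model_interrupter **interrupters; /* allocated later, may stay NULL */
};

/* Init that can fail after the count is set but before the array exists. */
int model_mem_init(struct model_hcd *h, unsigned int n, int fail_early)
{
    h->max_interrupters = n;
    h->interrupters = NULL;
    if (fail_early)
        return -1; /* models an earlier allocation failing */
    h->interrupters = calloc(n, sizeof(*h->interrupters));
    if (!h->interrupters)
        return -1;
    h->interrupters[0] = calloc(1, sizeof(**h->interrupters));
    return h->interrupters[0] ? 0 : -1;
}

/* Cleanup for any init outcome; returns the number of interrupters freed. */
unsigned int model_mem_cleanup(struct model_hcd *h)
{
    unsigned int freed = 0;

    /* The gate: without the non-NULL check, a non-zero count would make
     * this loop read through a NULL array pointer. */
    for (unsigned int i = 0; h->interrupters && i < h->max_interrupters; i++) {
        if (h->interrupters[i]) {
            free(h->interrupters[i]);
            h->interrupters[i] = NULL;
            freed++;
        }
    }
    free(h->interrupters); /* free(NULL) is a no-op */
    h->interrupters = NULL;
    h->max_interrupters = 0;
    return freed;
}

int main(void)
{
    struct model_hcd h;
    int rc = model_mem_init(&h, 4, 1); /* constructed early-failure case */
    printf("init=%d freed=%u\n", rc, model_mem_cleanup(&h));
    return 0;
}
```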

Reference

https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c
https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039
