LiveActive security incident?Get immediate response
CVE Record

CVE-2024-26715: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_gadget_suspend, a NULL pointer dereference may occur. Call Stack: CPU1: CPU2: gadget_unbind_driver dwc3_suspend_common dwc3_gadget_stop dwc3_gadget_suspend dwc3_disconnect_gadget CPU1 basically clears the variable and CPU2 checks the variable. Consider CPU1 is running and right before gadget_driver is cleared and in parallel CPU2 executes dwc3_gadget_suspend where it finds dwc->gadget_driver which is not NULL and resumes execution and then CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where it checks dwc->gadget_driver is already NULL because of which the NULL pointer deference occur.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-26715 is a Linux kernel crash bug in the DWC3 USB gadget driver. Rapid USB unplug and replug activity during suspend or driver shutdown can race two code paths, leaving one path to use a cleared driver pointer. The likely business impact is local device instability or denial of service, not confirmed remote compromise.

Executive priority

Prioritize patching for products or fleets that expose USB gadget functionality, because this can crash affected devices. It is not currently supported as an internet-scale emergency from the supplied evidence, but unmanaged embedded Linux devices may have long patch cycles and operational impact.

Technical view

The flaw is a NULL pointer dereference in dwc3_gadget_suspend(). A race between gadget_unbind_driver/dwc3_gadget_stop and dwc3_suspend_common/dwc3_gadget_suspend can clear dwc->gadget_driver after a prior non-NULL check, leading dwc3_disconnect_gadget to dereference NULL. Linux marks this resolved with stable kernel commits.

Likely exposure

Exposure is most relevant to Linux systems using the DWC3 USB controller in gadget/device mode, especially embedded, mobile, appliance, OT, or development boards where USB connect/disconnect and suspend events occur. Generic servers without DWC3 gadget functionality are less likely exposed.

Exploitation context

The supplied sources do not show KEV listing, public exploitation, CVSS, or exploit maturity. The described trigger depends on timing around USB plug-out/plug-in, suspend, and gadget driver unbind paths, so treat this as a reliability and denial-of-service risk unless vendor evidence says otherwise.

Researcher notes

Evidence is limited to the CVE record and Linux stable commit references. No CWE, CVSS, exploit status, or detailed vendor matrix is provided. Focus research on confirming affected kernel branches, downstream backports, DWC3 gadget enablement, and whether crash-only behavior holds for target hardware.

Mitigation direction

  • Update to a vendor kernel containing the referenced stable fixes.
  • Prioritize devices using DWC3 USB gadget or device mode.
  • Check Linux distribution or device-vendor advisories for backported patches.
  • If update is delayed, reduce unnecessary USB gadget exposure where feasible.
  • Avoid claiming remediation complete without confirming the exact backport commit.

Validation and detection

  • Inventory affected devices for Linux kernel version and DWC3 gadget usage.
  • Check vendor kernel changelogs for CVE-2024-26715 or the referenced commits.
  • Confirm patched builds include the dwc3 gadget suspend race fix.
  • Review crash logs for NULL dereferences in dwc3_gadget_suspend or dwc3_disconnect_gadget.
  • Validate that regression testing covers USB disconnect, reconnect, and suspend behavior.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-26715 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux9772b47a4c2916d645c551228b6085ea24acbe5d, 9772b47a4c2916d645c551228b6085ea24acbe5d, 9772b47a4c2916d645c551228b6085ea24acbe5d, 9772b47a4c2916d645c551228b6085ea24acbe5d, 9772b47a4c2916d645c551228b6085ea24acbe5d, 8cca5c85393a7a490d4d7942c24d73d29cc77b3e, df2ca3271569367352835f981618e284fdc4ca94, 3.16.81, 4.4.178unaffected
LinuxLinux4.6, 0, 5.15.149, 6.1.79, 6.6.18, 6.7.6, 6.8affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.