Security tracker / CVE-2024-40927

CVE-2024-40927

xhci: Handle TD clearing for multiple streams case

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in e9df17eb1408 ("USB: xhci: Correct assumptions about number of
 carnil> rings per endpoint.")
 carnil> 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs.")
 carnil> 674f8438c121 ("xhci: split handling halted endpoints into two steps").
 carnil> Vulnerable versions: 2.6.35-rc1.

Bugs

Status

Branch	Status
upstream	released (6.10-rc4) [5ceac4402f5d975e5a01c806438eb4e554771577]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.9-upstream-stable	released (6.9.6) [61593dc413c3655e4328a351555235bc3089486a]
6.6-upstream-stable	released (6.6.35) [949be4ec5835e0ccb3e2a8ab0e46179cb5512518]
6.1-upstream-stable	released (6.1.95) [633f72cb6124ecda97b641fbc119340bd88d51a9]
5.10-upstream-stable	needed
sid	released (6.9.7-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.98-1)
5.10-bullseye-security	needed