How severe is CVE-2024-36896?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-36896?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2024-36896 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value. It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it can be changed easily. Adding a check for hub == NULL prevents further problems. The same bug exists in the disable_show() routine, and it can be fixed the same way.

Related Vulnerabilities

CVE-2015-9124

CRITICAL

CVSS:9.1(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 80...

CWE-4762015

CVE-2017-10917

CRITICAL

CVSS:9.1(Critical)

Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly ob...

CWE-4762017

CVE-2021-4110

CRITICAL

CVSS:9.1(Critical)

mruby is vulnerable to NULL Pointer Dereference

CWE-4762021

CVE-2021-45079

CRITICAL

CVSS:9.1(Critical)

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EA...

CWE-4762021

CVE-2022-26099

CRITICAL

CVSS:9.1(Critical)

Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.

CWE-4762022

CVE-2024-11705

CRITICAL

CVSS:9.1(Critical)

`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with...

CWE-4762024