cve/2024/CVE-2024-26715.md

### [CVE-2024-26715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26715)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9772b47a4c29%3C%2088936ceab6b4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspendIn current scenario if Plug-out and Plug-In performed continuouslythere could be a chance while checking for dwc->gadget_driver indwc3_gadget_suspend, a NULL pointer dereference may occur.Call Stack:	CPU1:                           CPU2:	gadget_unbind_driver            dwc3_suspend_common	dwc3_gadget_stop                dwc3_gadget_suspend                                        dwc3_disconnect_gadgetCPU1 basically clears the variable and CPU2 checks the variable.Consider CPU1 is running and right before gadget_driver is clearedand in parallel CPU2 executes dwc3_gadget_suspend where it findsdwc->gadget_driver which is not NULL and resumes execution and thenCPU1 completes execution. CPU2 executes dwc3_disconnect_gadget whereit checks dwc->gadget_driver is already NULL because of which theNULL pointer deference occur.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds