CVE-2024-56698: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56698 is a vulnerability discovered in the Linux kernel's USB DWC3 gadget driver. The issue was disclosed on December 28, 2024, and affects multiple versions of the Linux kernel from 4.18 through 6.12.2. The vulnerability stems from incorrect handling of queued Scatter-Gather (SG) entries in the USB subsystem (NVD).

The vulnerability occurs in the dwc3 gadget driver where the dwc3request->numqueuedsgs counter is decremented on completion. When a partially completed request is handled, the numqueued_sgs value no longer accurately reflects the total number of queued SG entries as it would be cleared. This can lead to incorrect checking of the number of request SG entries remaining to be prepared and queued, potentially resulting in a null pointer dereference when accessing non-existent SG entries. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a null pointer dereference in the Linux kernel's USB subsystem, potentially resulting in a denial of service condition. The impact is limited to local attacks and requires local user privileges to exploit (NVD).

The vulnerability has been patched in multiple Linux kernel versions. The fix involves correctly tracking the number of remaining SG entries to be prepared and queued by using req->numpendingsgs instead of the difference between nummappedsgs and numqueuedsgs. The patch has been backported to affected stable kernel versions (Kernel Patch).