CVE-2024-56687

5.5 MEDIUM

📋 TL;DR

A race condition in the Linux kernel's MUSB gadget driver can cause hardware lockup when the first USB endpoint request is received. This affects systems using USB gadget functionality, particularly USB Ethernet gadgets, potentially preventing network communication. The vulnerability requires specific timing conditions and USB gadget usage to be exploitable.

💻 Affected Systems

Products:
  • Linux kernel with MUSB gadget driver
Versions: Specific kernel versions with vulnerable MUSB driver code
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with MUSB gadget driver enabled and USB gadget functionality in use, particularly USB Ethernet gadgets

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent hardware lockup of USB gadget functionality requiring system reboot, denial of service for USB network interfaces

🟠

Likely Case

Intermittent USB gadget failures or network connectivity issues when using USB Ethernet gadgets

🟢

If Mitigated

No impact if USB gadget functionality is not used or if systems are not configured as USB devices

🌐 Internet-Facing: LOW - Requires USB gadget mode and specific timing conditions, not directly network exploitable
🏢 Internal Only: MEDIUM - Could affect embedded systems, IoT devices, or systems using USB gadget functionality internally

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific timing conditions, USB gadget configuration, and race condition triggering

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 0c89445e6d475b78d37b64ae520831cd43af7db4 and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/0c89445e6d475b78d37b64ae520831cd43af7db4

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from official kernel.org or distribution repositories.
2. Reboot system to load new kernel.
3. Verify kernel version matches patched release.

🔧 Temporary Workarounds

Disable USB gadget functionality

linux

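Prevent exploitation by disabling the MUSB driver or USB gadget features. The MUSB gadget code is built as part of the musb_hdrc module, so that is the module to unload and blacklist. Unloading it also removes MUSB host-mode support, and neither command has any effect when the driver is built into the kernel.

modprobe -r musb_hdrc
echo 'blacklist musb_hdrc' > /etc/modprobe.d/disable-musb.conf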

Disable USB Ethernet gadget

linux

Disable specific vulnerable gadget driver if not needed

modprobe -r g_ether
echo 'blacklist g_ether' > /etc/modprobe.d/disable-g_ether.conf

🧯 If You Can't Patch

  • Disable USB gadget functionality entirely if not required
  • Implement monitoring for USB gadget failures and system lockups

🔍 How to Verify

Check if Vulnerable:

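Check if the MUSB driver is loaded: lsmod | grep musb_hdrc (the gadget code is part of the musb_hdrc module, and a driver built into the kernel does not appear in lsmod). Check kernel version against known vulnerable versions.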
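An added example, not from this advisory or the kernel project: because a built-in MUSB driver never shows up in lsmod, this script reads the UDC class directory in sysfs to report whether a MUSB controller is registered in gadget mode and which gadget function is bound to it. It assumes MUSB controllers appear under /sys/class/udc with names starting with musb-hdrc; the function names and the SYSFS_ROOT variable are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether a MUSB controller is
# registered as a USB device controller (UDC) and whether a gadget is bound.
# Assumption: MUSB UDCs appear in /sys/class/udc as "musb-hdrc*".

# List MUSB UDC names under a sysfs root (default /sys), one per line.
musb_udcs() {
    root=${1:-/sys}
    for d in "$root"/class/udc/musb-hdrc*; do
        # An unmatched glob stays literal and fails the -d test.
        [ -d "$d" ] && basename "$d"
    done
    return 0
}

# Print one status line per MUSB UDC:
#   <udc> idle               no gadget function bound
#   <udc> active <function>  a gadget (e.g. g_ether) is bound
# Prints "no-musb-udc" when no MUSB UDC is registered.
musb_exposure() {
    root=${1:-/sys}
    udcs=$(musb_udcs "$root")
    if [ -z "$udcs" ]; then
        echo "no-musb-udc"
        return 0
    fi
    for u in $udcs; do
        fn=""
        f="$root/class/udc/$u/function"
        # The "function" attribute is empty until a gadget driver binds.
        [ -r "$f" ] && fn=$(tr -d '\n' < "$f")
        if [ -n "$fn" ]; then
            echo "$u active $fn"
        else
            echo "$u idle"
        fi
    done
}

# SYSFS_ROOT (hypothetical override) lets the check run against a copied tree.
musb_exposure "${SYSFS_ROOT:-/sys}"
```

A result of "active" means the gadget path touched by this CVE is in use on that controller; "idle" or "no-musb-udc" means no gadget is currently bound to a MUSB controller.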

Check Version:

uname -r

Verify Fix Applied:

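A running kernel does not expose the commit IDs it was built from, and /proc/version_signature (present on Ubuntu kernels) holds only a version string, so grepping it for 0c89445e6d475b78d37b64ae520831cd43af7db4 never matches. Confirm instead that the running release (uname -r) is one that your distribution's kernel changelog or the stable tree lists as containing that commit.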

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing USB gadget errors
  • System lockups or hangs related to USB operations
  • Network interface failures on USB Ethernet gadgets

Network Indicators:

  • Sudden loss of USB network connectivity
  • USB gadget interface failures

SIEM Query:

source="kernel" AND ("musb" OR "USB gadget" OR "g_ether") AND ("error" OR "lockup" OR "failed")
