{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-57915", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "REJECTED", "assignerShortName": "Linux", "dateReserved": "2025-01-19T11:50:08.374Z", "datePublished": "2025-01-19T11:52:36.460Z", "dateUpdated": "2025-02-13T15:28:03.202Z", "dateRejected": "2025-02-13T15:28:03.202Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-13T15:28:03.202Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}], "id": "CVE-2024-57915", "lastModified": "2025-02-13T16:16:43.287", "metrics": {}, "published": "2025-01-19T12:15:25.673", "references": [], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "kernel: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null", "id": "2338859", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2338859"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["[REJECTED CVE] A vulnerability in the Linux kernel's USB gadget subsystem allowed a race condition where gserial_disconnect could clear gser->ioport during unbinding, leading to a null pointer dereference in gs_read_complete, potentially causing a kernel crash. An attacker could exploit this by repeatedly triggering gadget reconfiguration, leading to denial of service. This issue has been resolved by disabling the endpoint before setting the port to null, preventing access to freed resources."], "name": "CVE-2024-57915", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-01-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-57915\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57915\nhttps://lore.kernel.org/linux-cve-announce/2025011940-CVE-2024-57915-fc93@gregkh/T"], "statement": "This CVE has been rejected upstream:\nhttps://lore.kernel.org/linux-cve-announce/2025021308-REJECTED-3f47@gregkh/\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification.", "threat_severity": "Moderate"}