ID

VAR-202409-1903


CVE

CVE-2024-44960


TITLE

Linux  of  Linux Kernel  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-009857

DESCRIPTION

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets. Linux of Linux Kernel for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on SINEC OS with up to 28 non-blocking interfaces. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Multiple vulnerabilities exist in third-party components prior to SIEMENS SINEC OS V3.2. These vulnerabilities could be exploited to corrupt values, leading to undefined behavior or security issues

Trust: 2.7

sources: NVD: CVE-2024-44960 // JVNDB: JVNDB-2024-009857 // CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:6.11

Trust: 1.8

vendor:linuxmodel:kernelscope:ltversion:4.14.152

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.282

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.9.199

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.16

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.165

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.1.105

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.6.46

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:3.16.80

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.224

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:6.10.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.10

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.320

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.4.199

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:3.17

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.3.9

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:6.7

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.4

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:5.5 that's all 5.10.224

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.10 that's all 4.14.152

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:3.16.80

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.20 that's all 5.3.9

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:3.17 that's all 4.4.199

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion: -

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.2 that's all 6.6.46

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.16 that's all 6.1.105

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.15 that's all 4.19.320

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:6.7 that's all 6.10.5

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.4 that's all 5.4.282

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.11 that's all 5.15.165

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.5 that's all 4.9.199

Trust: 0.8

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.1

Trust: 0.6

vendor:siemensmodel:ruggedcom rst2428pscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xc-300/xr-300/xc-400/xr-500wg/xr-500 familyscope:ltversion:v3.2

Trust: 0.6

vendor:siemensmodel:scalance xcm-/xrm-/xch-/xrh-300 familyscope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-009857 // NVD: CVE-2024-44960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-44960
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-44960
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-19346
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19350
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-19346
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2025-19350
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-44960
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-44960
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-009857 // NVD: CVE-2024-44960

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-009857 // NVD: CVE-2024-44960

PATCH

title:Linux Kernel Archivesurl:https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1

Trust: 0.8

title:Patch for Multiple vulnerabilities in Siemens SINEC OS third-party componentsurl:https://www.cnvd.org.cn/patchInfo/show/723071

Trust: 0.6

title:Patch for Multiple vulnerabilities exist in third-party components of SIEMENS SINEC OS V3.2 and earlierurl:https://www.cnvd.org.cn/patchInfo/show/723061

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-009857

EXTERNAL IDS

db:NVDid:CVE-2024-44960

Trust: 2.6

db:SIEMENSid:SSA-613116

Trust: 1.6

db:SIEMENSid:SSA-355557

Trust: 1.6

db:SIEMENSid:SSA-265688

Trust: 1.0

db:JVNid:JVNVU92169998

Trust: 0.8

db:ICS CERTid:ICSA-25-226-07

Trust: 0.8

db:JVNDBid:JVNDB-2024-009857

Trust: 0.8

db:CNVDid:CNVD-2025-19346

Trust: 0.6

db:CNVDid:CNVD-2025-19350

Trust: 0.6

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-009857 // NVD: CVE-2024-44960

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-613116.html

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-355557.html

Trust: 1.6

url:https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Trust: 1.0

url:https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf

Trust: 1.0

url:https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18

Trust: 1.0

url:https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244

Trust: 1.0

url:https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e

Trust: 1.0

url:https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Trust: 1.0

url:https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1

Trust: 1.0

url:https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

Trust: 1.0

url:https://jvn.jp/vu/jvnvu92169998/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-44960

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07

Trust: 0.8

sources: CNVD: CNVD-2025-19346 // CNVD: CNVD-2025-19350 // JVNDB: JVNDB-2024-009857 // NVD: CVE-2024-44960

SOURCES

db:CNVDid:CNVD-2025-19346
db:CNVDid:CNVD-2025-19350
db:JVNDBid:JVNDB-2024-009857
db:NVDid:CVE-2024-44960

LAST UPDATE DATE

2026-06-19T19:53:16.377000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-22T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-22T00:00:00
db:JVNDBid:JVNDB-2024-009857date:2025-09-02T02:44:00
db:NVDid:CVE-2024-44960date:2026-05-12T12:17:09.493

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-19346date:2025-08-12T00:00:00
db:CNVDid:CNVD-2025-19350date:2025-08-12T00:00:00
db:JVNDBid:JVNDB-2024-009857date:2024-10-07T00:00:00
db:NVDid:CVE-2024-44960date:2024-09-04T19:15:30.700