CVE-2024-58055 in Linux
Summary
by MITRE • 03/06/2025
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_tcm: Don't free command immediately
Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 01/21/2026
The vulnerability identified as CVE-2024-58055 resides within the Linux kernel's USB gadget framework, specifically in the f_tcm (USB gadget TCM) driver component. This issue represents a critical memory management flaw that can lead to system instability and potential security implications. The vulnerability affects systems that utilize USB gadget functionality with TCM (Target Core Module) support, commonly found in embedded systems, storage devices, and USB-based peripheral implementations where the kernel acts as a USB gadget device.
The technical flaw manifests in improper command lifecycle management within the f_tcm driver's handling of USB commands. When processing USB requests, the driver incorrectly frees command structures immediately after initiating operations, without waiting for proper completion of sense status operations. This premature memory deallocation creates a scenario where the same memory location can be freed twice, resulting in a double-free vulnerability. The root cause stems from inadequate synchronization between command execution phases and memory deallocation, where the driver fails to properly track command completion states before releasing associated resources.
The operational impact of this vulnerability extends beyond simple memory corruption, potentially enabling attackers to exploit the double-free condition for privilege escalation or system compromise. When the kernel attempts to free the same memory block twice, it can cause heap corruption that may be leveraged to execute arbitrary code with kernel privileges. This type of vulnerability is particularly dangerous in embedded systems and network appliances where USB gadget functionality is prevalent. The vulnerability can be triggered through malicious USB gadget connections or specific USB command sequences that force the f_tcm driver to process commands in the problematic execution path.
The fix implemented addresses the core memory management issue by deferring command freeing until after the sense status completion is properly acknowledged. This approach aligns with established security practices for memory management in kernel space, ensuring proper resource lifecycle handling before deallocation. The mitigation strategy follows principles from the Common Weakness Enumeration framework, specifically addressing weakness category CWE-415 which covers double free conditions in memory management. Additionally, this vulnerability's remediation aligns with ATT&CK technique T1068 which involves exploiting local privileges and system vulnerabilities to escalate access rights, as the double-free condition can potentially be exploited for privilege escalation within the kernel space.
Systems utilizing USB gadget functionality with TCM support should be updated immediately to patch this vulnerability, particularly those deployed in security-sensitive environments or embedded applications where USB connectivity is a core feature. The fix demonstrates proper kernel memory management practices and emphasizes the importance of state tracking in concurrent execution environments. Organizations should prioritize patching this vulnerability as it represents a potential entry point for attackers seeking to gain elevated privileges within Linux-based systems that rely on USB gadget functionality for their operation.