CVE-2024-38565

CVE Details

Release Date:

2024-06-19

Description

In the Linux kernel, the following vulnerability has been resolved:\nwifi: ar5523: enable proper endpoint verification\nSyzkaller reports [1] hitting a warning about an endpoint in use\nnot having an expected type to it.\nFix the issue by checking for the existence of all proper\nendpoints with their according types intact.\nSadly, this patch has not been tested on real hardware.\n[1] Syzkaller report:\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n\nar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275\nar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]\nar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]\nar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655\nusb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396\ncall_driver_probe drivers/base/dd.c:560 [inline]\nreally_probe+0x249/0xb90 drivers/base/dd.c:639\n__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\ndriver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\nbus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n__device_attach+0x1e4/0x530 drivers/base/dd.c:1008\nbus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\ndevice_add+0xbd9/0x1e90 drivers/base/core.c:3517\nusb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170\nusb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238\nusb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293\ncall_driver_probe drivers/base/dd.c:560 [inline]\nreally_probe+0x249/0xb90 drivers/base/dd.c:639\n__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778\ndriver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808\n__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936\nbus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427\n__device_attach+0x1e4/0x530 drivers/base/dd.c:1008\nbus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487\ndevice_add+0xbd9/0x1e90 drivers/base/core.c:3517\nusb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573\nhub_port_connect drivers/usb/core/hub.c:5353 [inline]\nhub_port_connect_change drivers/usb/core/hub.c:5497 [inline]\nport_event drivers/usb/core/hub.c:5653 [inline]\nhub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\nworker_thread+0x669/0x1090 kernel/workqueue.c:2436\nkthread+0x2e8/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306\n

See more information about CVE-2024-38565 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.4	CVSS Vector:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	Low
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12581	2024-08-12
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12611	2024-09-11
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12585	2024-08-12
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12581	2024-08-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12584	2024-08-12