Release Date: | 2024-06-19 |
In the Linux kernel, the following vulnerability has been resolved:\nwifi: ar5523: enable proper endpoint verification\nSyzkaller reports [1] hitting a warning about an endpoint in use\nnot having an expected type to it.\nFix the issue by checking for the existence of all proper\nendpoints with their according types intact.\nSadly, this patch has not been tested on real hardware.\n[1] Syzkaller report:\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n
See more information about CVE-2024-38565 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | High | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: