Stay Connected:

CVE-2024-38567

CVE Details

Release Date:2024-06-19

Description


In the Linux kernel, the following vulnerability has been resolved:\nwifi: carl9170: add a proper sanity check for endpoints\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n\ncarl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\ncarl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\ncarl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\ncarl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\nrequest_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\nprocess_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\nworker_thread+0x669/0x1090 kernel/workqueue.c:2436\nkthread+0x2e8/0x3a0 kernel/kthread.c:376\nret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n\n[2] Related syzkaller crashes:

See more information about CVE-2024-38567 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.4 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network Attack Complexity: Low
Privileges Required: High User Interaction: None
Scope: Unchanged Confidentiality Impact: None
Integrity Impact: None Availability Impact: High

Errata information


PlatformErrataRelease Date
Oracle Linux version 7 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 7 (kernel-uek)ELSA-2024-126112024-09-11
Oracle Linux version 7 (kernel-uek-container)ELSA-2024-125852024-08-12
Oracle Linux version 8 (kernel-uek)ELSA-2024-125812024-08-12
Oracle Linux version 8 (kernel-uek-container)ELSA-2024-125842024-08-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights