Release Date: | 2024-07-29 |
In the Linux kernel, the following vulnerability has been resolved:\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\nUnfortunately, this patch has not been tested on real hardware.\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\ncxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\ncxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\ncxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\nusbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\ncxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\nusb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\ncall_driver_probe drivers/base/dd.c:517 [inline]\nreally_probe+0x23c/0xcd0 drivers/base/dd.c:595\n__driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\ndriver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n__device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\nbus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n__device_attach+0x228/0x4a0 drivers/base/dd.c:965\nbus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\ndevice_add+0xc2f/0x2180 drivers/base/core.c:3354\nusb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\nusb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\nusb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293
See more information about CVE-2024-41097 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12779 | 2024-10-11 |
Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
Oracle Linux version 8 (kernel) | ELSA-2024-7000 | 2024-09-24 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12610 | 2024-09-10 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12612 | 2024-09-11 |
Oracle Linux version 9 (kernel-uek) | ELSA-2024-12618 | 2024-09-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: