Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-41097

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/07/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: atm: cxacru: fix endpoint checking in cxacru_bind()<br /> <br /> Syzbot is still reporting quite an old issue [1] that occurs due to<br /> incomplete checking of present usb endpoints. As such, wrong<br /> endpoints types may be used at urb sumbitting stage which in turn<br /> triggers a warning in usb_submit_urb().<br /> <br /> Fix the issue by verifying that required endpoint types are present<br /> for both in and out endpoints, taking into account cmd endpoint type.<br /> <br /> Unfortunately, this patch has not been tested on real hardware.<br /> <br /> [1] Syzbot report:<br /> usb 1-1: BOGUS urb xfer, pipe 1 != type 3<br /> WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502<br /> Modules linked in:<br /> CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011<br /> Workqueue: usb_hub_wq hub_event<br /> RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502<br /> ...<br /> Call Trace:<br /> cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649<br /> cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760<br /> cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209<br /> usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055<br /> cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363<br /> usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396<br /> call_driver_probe drivers/base/dd.c:517 [inline]<br /> really_probe+0x23c/0xcd0 drivers/base/dd.c:595<br /> __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747<br /> driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777<br /> __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894<br /> bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427<br /> __device_attach+0x228/0x4a0 drivers/base/dd.c:965<br /> bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487<br /> device_add+0xc2f/0x2180 drivers/base/core.c:3354<br /> usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170<br /> usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238<br /> usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.36 (including) 4.19.317 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.279 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.221 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.162 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.97 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.37 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.9.8 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools