CVE-2023-54213

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> USB: sisusbvga: Add endpoint checks<br /> <br /> The syzbot fuzzer was able to provoke a WARNING from the sisusbvga driver:<br /> <br /> ------------[ cut here ]------------<br /> usb 1-1: BOGUS urb xfer, pipe 3 != type 1<br /> WARNING: CPU: 1 PID: 26 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504<br /> Modules linked in:<br /> CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.2.0-rc5-syzkaller-00199-g5af6ce704936 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023<br /> Workqueue: usb_hub_wq hub_event<br /> RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504<br /> Code: 7c 24 18 e8 6c 50 80 fb 48 8b 7c 24 18 e8 62 1a 01 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 60 b1 fa 8a e8 84 b0 be 03 0b e9 58 f8 ff ff e8 3e 50 80 fb 48 81 c5 c0 05 00 00 e9 84 f7<br /> RSP: 0018:ffffc90000a1ed18 EFLAGS: 00010282<br /> RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000<br /> RDX: ffff888012783a80 RSI: ffffffff816680ec RDI: fffff52000143d95<br /> RBP: ffff888079020000 R08: 0000000000000005 R09: 0000000000000000<br /> R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000003<br /> R13: ffff888017d33370 R14: 0000000000000003 R15: ffff888021213600<br /> FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00005592753a60b0 CR3: 0000000022899000 CR4: 00000000003506e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> sisusb_bulkout_msg drivers/usb/misc/sisusbvga/sisusbvga.c:224 [inline]<br /> sisusb_send_bulk_msg.constprop.0+0x904/0x1230 drivers/usb/misc/sisusbvga/sisusbvga.c:379<br /> sisusb_send_bridge_packet drivers/usb/misc/sisusbvga/sisusbvga.c:567 [inline]<br /> sisusb_do_init_gfxdevice drivers/usb/misc/sisusbvga/sisusbvga.c:2077 [inline]<br /> sisusb_init_gfxdevice+0x87b/0x4000 drivers/usb/misc/sisusbvga/sisusbvga.c:2177<br /> sisusb_probe+0x9cd/0xbe2 drivers/usb/misc/sisusbvga/sisusbvga.c:2869<br /> ...<br /> <br /> The problem was caused by the fact that the driver does not check<br /> whether the endpoints it uses are actually present and have the<br /> appropriate types. This can be fixed by adding a simple check of<br /> the endpoints.