CVE-2024-38565
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/06/2024
Last modified:
04/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: ar5523: enable proper endpoint verification<br />
<br />
Syzkaller reports [1] hitting a warning about an endpoint in use<br />
not having an expected type to it.<br />
<br />
Fix the issue by checking for the existence of all proper<br />
endpoints with their according types intact.<br />
<br />
Sadly, this patch has not been tested on real hardware.<br />
<br />
[1] Syzkaller report:<br />
------------[ cut here ]------------<br />
usb 1-1: BOGUS urb xfer, pipe 3 != type 1<br />
WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504<br />
...<br />
Call Trace:<br />
<br />
ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275<br />
ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]<br />
ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]<br />
ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655<br />
usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396<br />
call_driver_probe drivers/base/dd.c:560 [inline]<br />
really_probe+0x249/0xb90 drivers/base/dd.c:639<br />
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778<br />
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808<br />
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936<br />
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427<br />
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008<br />
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487<br />
device_add+0xbd9/0x1e90 drivers/base/core.c:3517<br />
usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170<br />
usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238<br />
usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293<br />
call_driver_probe drivers/base/dd.c:560 [inline]<br />
really_probe+0x249/0xb90 drivers/base/dd.c:639<br />
__driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778<br />
driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808<br />
__device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936<br />
bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427<br />
__device_attach+0x1e4/0x530 drivers/base/dd.c:1008<br />
bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487<br />
device_add+0xbd9/0x1e90 drivers/base/core.c:3517<br />
usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573<br />
hub_port_connect drivers/usb/core/hub.c:5353 [inline]<br />
hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]<br />
port_event drivers/usb/core/hub.c:5653 [inline]<br />
hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735<br />
process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289<br />
worker_thread+0x669/0x1090 kernel/workqueue.c:2436<br />
kthread+0x2e8/0x3a0 kernel/kthread.c:376<br />
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306<br />
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.8 (including) | 4.19.316 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.278 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.219 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.161 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.33 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.8.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9 (including) | 6.9.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72
- https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff
- https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f
- https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603
- https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d
- https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5
- https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70
- https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850
- https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81
- https://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72
- https://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff
- https://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f
- https://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603
- https://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d
- https://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5
- https://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70
- https://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850
- https://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html