CVE-2024-45011

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 11/09/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

char: xillybus: Check USB endpoints when probing device

Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type.

All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1. This is verified in xillyusb_setup_base_eps().

On top of that, a XillyUSB device may have additional Bulk OUT endpoints. The information about these endpoints' addresses is deduced from a data structure (the IDT) that the driver fetches from the device while probing it. These endpoints are checked in setup_channels().

A XillyUSB device never has more than one IN endpoint, as all data towards the host is multiplexed in this single Bulk IN endpoint. This is why setup_channels() only checks OUT endpoints.
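
The probe-time check described above, modelled in user-space C as an added example; it is not the kernel driver's code. The struct, the function names and the sample descriptors are hypothetical, and only the USB endpoint descriptor bit layout is standard.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EP_DIR_IN    0x80u  /* bEndpointAddress bit 7: 1 = IN (device to host) */
#define EP_NUM_MASK  0x0fu  /* bEndpointAddress bits 3..0: endpoint number */
#define EP_XFER_MASK 0x03u  /* bmAttributes bits 1..0: transfer type */
#define EP_XFER_BULK 0x02u  /* transfer type value for bulk */

struct ep_desc { uint8_t bEndpointAddress, bmAttributes; };  /* hypothetical, trimmed */

/* True only if an endpoint with this number and direction exists and is bulk. */
static bool has_bulk_ep(const struct ep_desc *eps, size_t n, uint8_t num, bool in)
{
    for (size_t i = 0; i < n; i++) {
        bool is_in = (eps[i].bEndpointAddress & EP_DIR_IN) != 0;
        if ((eps[i].bEndpointAddress & EP_NUM_MASK) == num && is_in == in)
            return (eps[i].bmAttributes & EP_XFER_MASK) == EP_XFER_BULK;
    }
    return false;  /* endpoint absent */
}

/* Probe-time policy from the description: Bulk IN and Bulk OUT at address 1,
 * plus a Bulk OUT endpoint for every address named in the device's IDT. */
static bool endpoints_ok(const struct ep_desc *eps, size_t n, const uint8_t *idt_out, size_t n_idt)
{
    if (!has_bulk_ep(eps, n, 1, true) || !has_bulk_ep(eps, n, 1, false))
        return false;
    for (size_t i = 0; i < n_idt; i++)
        if (!has_bulk_ep(eps, n, idt_out[i], false))
            return false;
    return true;
}

/* Constructed sample: EP1 IN bulk, EP1 OUT bulk, EP2 OUT bulk, EP3 OUT interrupt. */
static const struct ep_desc sample_eps[] = { {0x81, 2}, {0x01, 2}, {0x02, 2}, {0x03, 3} };

/* Would a probe accept the sample device if its IDT named this one OUT endpoint? */
static bool sample_accepts(uint8_t idt_out_ep)
{
    return endpoints_ok(sample_eps, sizeof sample_eps / sizeof *sample_eps, &idt_out_ep, 1);
}

int main(void)
{
    printf("%d %d %d\n", sample_accepts(2), sample_accepts(3), sample_accepts(4));
    return 0;
}
```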

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.14 (including) | 5.15.166 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.107 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.48 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.10.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:* | | |