CVE-2025-21708

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: usb: rtl8150: enable basic endpoint checking<br /> <br /> Syzkaller reports [1] encountering a common issue of utilizing a wrong<br /> usb endpoint type during URB submitting stage. This, in turn, triggers<br /> a warning shown below.<br /> <br /> For now, enable simple endpoint checking (specifically, bulk and<br /> interrupt eps, testing control one is not essential) to mitigate<br /> the issue with a view to do other related cosmetic changes later,<br /> if they are necessary.<br /> <br /> [1] Syzkaller report:<br /> usb 1-1: BOGUS urb xfer, pipe 3 != type 1<br /> WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv&gt;<br /> Modules linked in:<br /> CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617&gt;<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024<br /> RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503<br /> Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8&gt;<br /> RSP: 0018:ffffc9000441f740 EFLAGS: 00010282<br /> RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9<br /> RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001<br /> RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001<br /> R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c<br /> FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733<br /> __dev_open+0x2d4/0x4e0 net/core/dev.c:1474<br /> __dev_change_flags+0x561/0x720 net/core/dev.c:8838<br /> dev_change_flags+0x8f/0x160 net/core/dev.c:8910<br /> devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177<br /> inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003<br /> sock_do_ioctl+0x116/0x280 net/socket.c:1222<br /> sock_ioctl+0x22e/0x6c0 net/socket.c:1341<br /> vfs_ioctl fs/ioctl.c:51 [inline]<br /> __do_sys_ioctl fs/ioctl.c:907 [inline]<br /> __se_sys_ioctl fs/ioctl.c:893 [inline]<br /> __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> RIP: 0033:0x7fc04ef73d49<br /> ...<br /> <br /> This change has not been tested on real hardware.