CVE-2023-53548

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb<br /> <br /> The syzbot fuzzer identified a problem in the usbnet driver:<br /> <br /> usb 1-1: BOGUS urb xfer, pipe 3 != type 1<br /> WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504<br /> Modules linked in:<br /> CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023<br /> Workqueue: mld mld_ifc_work<br /> RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504<br /> Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7<br /> RSP: 0018:ffffc9000463f568 EFLAGS: 00010086<br /> RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000<br /> RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001<br /> RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003<br /> R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500<br /> FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0<br /> Call Trace:<br /> <br /> usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453<br /> __netdev_start_xmit include/linux/netdevice.h:4918 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4932 [inline]<br /> xmit_one net/core/dev.c:3578 [inline]<br /> dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594<br /> ...<br /> <br /> This bug is caused by the fact that usbnet trusts the bulk endpoint<br /> addresses its probe routine receives in the driver_info structure, and<br /> it does not check to see that these endpoints actually exist and have<br /> the expected type and directions.<br /> <br /> The fix is simply to add such a check.