CVE-2024-41097: usb: atm: cxacru: fix endpoint checking in cxacru_bind()
In the Linux kernel, the following vulnerability has been resolved:
usb: atm: cxacru: fix endpoint checking in cxacrubind()
Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usbsubmiturb().
Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type.
Unfortunately, this patch has not been tested on real hardware.
[1] Syzbot report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usbsubmiturb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usbhubwq hubevent RIP: 0010:usbsubmiturb+0xed2/0x18a0 drivers/usb/core/urb.c:502 ... Call Trace: cxacrucm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649 cxacrucardstatus+0x22/0xd0 drivers/usb/atm/cxacru.c:760 cxacrubind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209 usbatmusbprobe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055 cxacruusbprobe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363 usbprobeinterface+0x315/0x7f0 drivers/usb/core/driver.c:396 calldriverprobe drivers/base/dd.c:517 [inline] reallyprobe+0x23c/0xcd0 drivers/base/dd.c:595 driverprobedevice+0x338/0x4d0 drivers/base/dd.c:747 driverprobedevice+0x4c/0x1a0 drivers/base/dd.c:777 deviceattachdriver+0x20b/0x2f0 drivers/base/dd.c:894 busforeachdrv+0x15f/0x1e0 drivers/base/bus.c:427 deviceattach+0x228/0x4a0 drivers/base/dd.c:965 busprobedevice+0x1e4/0x290 drivers/base/bus.c:487 deviceadd+0xc2f/0x2180 drivers/base/core.c:3354 usbsetconfiguration+0x113a/0x1910 drivers/usb/core/message.c:2170 usbgenericdriverprobe+0xba/0x100 drivers/usb/core/generic.c:238 usbprobedevice+0xd9/0x2c0 drivers/usb/core/driver.c:293
Other sources
Linux Kernel is vulnerable to a denial of service, caused by a flaw in Usb: Atm: Cxacru. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-41097?
The severity of CVE-2024-41097 is currently not explicitly rated, but it involves incomplete endpoint checking in the Linux kernel, which may lead to potential exploitation.
How do I fix CVE-2024-41097?
To address CVE-2024-41097, update the Linux kernel to one of the patched versions: 4.19.317, 5.4.279, 5.10.221, 5.15.162, 6.1.97, 6.6.37, 6.9.8, or 6.10.
Which versions of the Linux kernel are affected by CVE-2024-41097?
CVE-2024-41097 affects multiple Linux kernel versions up to 4.19.317 and other specified versions up to 6.10.
What type of vulnerability is CVE-2024-41097?
CVE-2024-41097 is a vulnerability that results from inadequate checking of USB endpoint types in the Linux kernel.
Is there a risk of exploitation with CVE-2024-41097?
Yes, CVE-2024-41097 poses a risk of exploitation through incorrect USB endpoint handling in affected Linux kernel versions.