Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 ...
CVSS3: 5.5
| OS | Vendor version | Errata |
|---|---|---|
| Ubuntu 20.04 | 5.4.0-216.236 | USN-7516-1 |
| Debian 11 | 5.10.237-1 | DLA-4178-1 |
| Ubuntu 22.04 | 5.15.0-140.150 | USN-7510-1 |
| Ubuntu 22.04 AWS | 5.15.0-1084.91 | USN-7510-7 |
| Ubuntu 22.04 Azure | 5.15.0-1089.98 | USN-7510-3 |
| Debian 11 cloud | 5.10.237-1 | DLA-4178-1 |
| Ubuntu 20.04 HWE AWS | 5.15.0-1084.91~20.04.1 | USN-7510-8 |
| Ubuntu 20.04 HWE Azure | 5.15.0-1089.98~20.04.1 | USN-7510-3 |
| Ubuntu 20.04 GCP | 5.4.0-1149.158 | USN-7516-1 |
| Debian 12 | 6.1.133-1 | DSA-5900-1 |
| Ubuntu 24.04 | 6.8.0-84.84 | USN-7764-1 |
| Ubuntu 24.04 AWS | 6.8.0-1039.41 | USN-7764-1 |
| OS | Original kernel version | State |
|---|---|---|
| Ubuntu 20.04 | |
Planned |
| Ubuntu 18.04 AWS Focal | |
Planned |
| Debian 11 | |
Planned |
| Ubuntu 22.04 |
5.15.0-121.131
show all
hide all
5.15.0-122.132
5.15.0-124.134
5.15.0-125.135
5.15.0-127.137
5.15.0-130.140
5.15.0-126.136
5.15.0-131.141
5.15.0-128.138
5.15.0-133.144
5.15.0-134.145
5.15.0-135.146
5.15.0-136.147
5.15.0-138.148
5.15.0-139.149
|
Released |
| Ubuntu 22.04 AWS |
5.15.0-1069.75
show all
hide all
5.15.0-1070.76
5.15.0-1071.77
5.15.0-1072.78
5.15.0-1073.79
5.15.0-1076.83
5.15.0-1078.85
5.15.0-1079.86
5.15.0-1080.87
5.15.0-1081.88
5.15.0-1082.89
5.15.0-1083.90
|
Released |
| Ubuntu 22.04 Azure |
5.15.0-1072.81
show all
hide all
5.15.0-1073.82
5.15.0-1074.83
5.15.0-1075.84
5.15.0-1078.87
5.15.0-1079.88
5.15.0-1081.90
5.15.0-1082.91
5.15.0-1084.93
5.15.0-1086.95
5.15.0-1087.96
5.15.0-1088.97
|
Released |
| Debian 11 cloud | |
Planned |
| Ubuntu 20.04 HWE AWS |
5.15.0-1069.75~20.04.1
show all
hide all
5.15.0-1070.76~20.04.1
5.15.0-1071.77~20.04.1
5.15.0-1072.78~20.04.1
5.15.0-1073.79~20.04.1
5.15.0-1075.82~20.04.1
5.15.0-1077.84~20.04.1
5.15.0-1080.87~20.04.1
5.15.0-1081.88~20.04.1
5.15.0-1082.89~20.04.1
5.15.0-1083.90~20.04.1
|
Released |
| Ubuntu 20.04 HWE Azure |
5.15.0-1072.81~20.04.1
show all
hide all
5.15.0-1073.82~20.04.1
5.15.0-1074.83~20.04.1
5.15.0-1075.84~20.04.1
5.15.0-1078.87~20.04.1
5.15.0-1079.88~20.04.1
5.15.0-1081.90~20.04.1
5.15.0-1082.91~20.04.1
5.15.0-1086.95~20.04.1
5.15.0-1087.96~20.04.1
5.15.0-1088.97~20.04.1
|
Released |
| Ubuntu 20.04 GCP | |
Planned |
| Debian 12 | |
Planned |
| Ubuntu 24.04 | |
Planned |
| Ubuntu 24.04 AWS | |
Planned |