-

CVE-2023-53548

In the Linux kernel, the following vulnerability has been resolved:

net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb

The syzbot fuzzer identified a problem in the usbnet driver:

usb 1-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Modules linked in:
CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: mld mld_ifc_work
RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7
RSP: 0018:ffffc9000463f568 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001
RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453
 __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
 netdev_start_xmit include/linux/netdevice.h:4932 [inline]
 xmit_one net/core/dev.c:3578 [inline]
 dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594
...

This bug is caused by the fact that usbnet trusts the bulk endpoint
addresses its probe routine receives in the driver_info structure, and
it does not check to see that these endpoints actually exist and have
the expected type and directions.

The fix is simply to add such a check.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < a0715d04cf687a7e21f0d6ac8c1d479294a3f6f8
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 53c250ea57cf03af41339234b9855ae284f9db91
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < a05ac5d00eb7fcb2fda806caa4f56e88df6bc6bb
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < ec0d0be41721aca683c5606354a58ee2c687e3f8
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 27d0f755d649d388fcd12f01436c9a33289e14e3
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 1bebbd9b8037a9cc75984317cb495dec4824c399
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 0dd3e0c31bf3e933fb85faf1443833aef90b8e46
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
Version < 5e1627cb43ddf1b24b92eb26f8d958a3f5676ccb
Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version <= 4.14.*
Version 4.14.322
Status unaffected
Version <= 4.19.*
Version 4.19.291
Status unaffected
Version <= 5.4.*
Version 5.4.253
Status unaffected
Version <= 5.10.*
Version 5.10.190
Status unaffected
Version <= 5.15.*
Version 5.15.126
Status unaffected
Version <= 6.1.*
Version 6.1.45
Status unaffected
Version <= 6.4.*
Version 6.4.10
Status unaffected
Version <= *
Version 6.5
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String