5.5

CVE-2025-21916

usb: atm: cxacru: fix a flaw in existing endpoint checks

In the Linux kernel, the following vulnerability has been resolved:

usb: atm: cxacru: fix a flaw in existing endpoint checks

Syzbot once again identified a flaw in usb endpoint checking, see [1].
This time the issue stems from a commit authored by me (2eabb655a968
("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")).

While using usb_find_common_endpoints() may usually be enough to
discard devices with wrong endpoints, in this case one needs more
than just finding and identifying the sufficient number of endpoints
of correct types - one needs to check the endpoint's address as well.

Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind,
switch the endpoint verification approach to usb_check_XXX_endpoints()
instead to fix incomplete ep testing.

[1] Syzbot report:
usb 5-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
Call Trace:
 <TASK>
 cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649
 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]
 cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223
 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058
 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377
 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396
 really_probe+0x2b9/0xad0 drivers/base/dd.c:658
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
 driver_probe_device+0x50/0x430 drivers/base/dd.c:830
...
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.317 < 4.20
LinuxLinux Kernel Version >= 5.4.279 < 5.4.291
LinuxLinux Kernel Version >= 5.10.221 < 5.10.235
LinuxLinux Kernel Version >= 5.15.162 < 5.15.179
LinuxLinux Kernel Version >= 6.1.97 < 6.1.131
LinuxLinux Kernel Version >= 6.6.37 < 6.6.83
LinuxLinux Kernel Version >= 6.9.8 < 6.10
LinuxLinux Kernel Version >= 6.10.1 < 6.12.19
LinuxLinux Kernel Version >= 6.13 < 6.13.7
LinuxLinux Kernel Version6.10 Update-
LinuxLinux Kernel Version6.10 Updaterc6
LinuxLinux Kernel Version6.10 Updaterc7
LinuxLinux Kernel Version6.14 Updaterc1
LinuxLinux Kernel Version6.14 Updaterc2
LinuxLinux Kernel Version6.14 Updaterc3
LinuxLinux Kernel Version6.14 Updaterc4
LinuxLinux Kernel Version6.14 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.2% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/197e78076c5ecd895f109158c4ea2954b9919af6
Patch
https://git.kernel.org/stable/c/319529e0356bd904528c64647725a2272d297c83
Patch
https://git.kernel.org/stable/c/903b80c21458bb1e34c3a78c5fdc553821e357f8
Patch
https://git.kernel.org/stable/c/a0475a885d69849b1ade38add6d64338dfa83a8f
Patch
https://git.kernel.org/stable/c/bf4409f84023b52b5e9b36c0a071a121eee42138
Patch
https://git.kernel.org/stable/c/c90aad369899a607cfbc002bebeafd51e31900cd
Patch
https://git.kernel.org/stable/c/cfc295f7cccf66cbd5123416bcf1bee2e1bd37de
Patch
https://git.kernel.org/stable/c/dcd592ab9dd8a2bfc36e75583b9006db2a77ec24
Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html