CVE-2024-27001
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2024-12-19 08:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or interrupt type, and current version of vmk80xx_find_usb_endpoints() function does not take that fully into account. While this warning does not seem to be too harmful, at the very least it will crash systems with 'panic_on_warn' set on them. Fix the issue found by Syzkaller [1] by somewhat simplifying the endpoint checking process with usb_find_common_endpoints() and ensuring that only expected endpoint types are present. This patch has not been tested on real hardware. [1] Syzkaller report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline] vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399 ... Similar issue also found by Syzkaller:
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Impacted products
Vendor Product Version
Linux Linux Version: 3.9
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T14:56:33.918930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T14:56:44.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/vmk80xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a63ae0348d990e137cca04eced5b08379969ea9",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "a3b8ae7e9297dd453f2977b011c5bc75eb20e71b",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "f15370e315976198f338b41611f37ce82af6cf54",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "b0b268eeb087e324ef3ea71f8e6cabd07630517f",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "ac882d6b21bffecb57bcc4486701239eef5aa67b",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "59f33af9796160f851641d960bd93937f282c696",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "6ec3514a7d35ad9cfab600187612c29f669069d2",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            },
            {
              "lessThan": "d1718530e3f640b7d5f0050e725216eab57a85d8",
              "status": "affected",
              "version": "49253d542cc0f5f771dc254d248162a2a666649d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/vmk80xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix incomplete endpoint checking\n\nWhile vmk80xx does have endpoint checking implemented, some things\ncan fall through the cracks. Depending on the hardware model,\nURBs can have either bulk or interrupt type, and current version\nof vmk80xx_find_usb_endpoints() function does not take that fully\ninto account. While this warning does not seem to be too harmful,\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\nthem.\n\nFix the issue found by Syzkaller [1] by somewhat simplifying the\nendpoint checking process with usb_find_common_endpoints() and\nensuring that only expected endpoint types are present.\n\nThis patch has not been tested on real hardware.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\n...\n\nSimilar issue also found by Syzkaller:"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:52:15.989Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
        },
        {
          "url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
        }
      ],
      "title": "comedi: vmk80xx: fix incomplete endpoint checking",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27001",
    "datePublished": "2024-05-01T05:28:40.341Z",
    "dateReserved": "2024-02-19T14:20:24.207Z",
    "dateUpdated": "2024-12-19T08:52:15.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27001\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:18.330\",\"lastModified\":\"2024-11-21T09:03:35.587\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncomedi: vmk80xx: fix incomplete endpoint checking\\n\\nWhile vmk80xx does have endpoint checking implemented, some things\\ncan fall through the cracks. Depending on the hardware model,\\nURBs can have either bulk or interrupt type, and current version\\nof vmk80xx_find_usb_endpoints() function does not take that fully\\ninto account. While this warning does not seem to be too harmful,\\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\\nthem.\\n\\nFix the issue found by Syzkaller [1] by somewhat simplifying the\\nendpoint checking process with usb_find_common_endpoints() and\\nensuring that only expected endpoint types are present.\\n\\nThis patch has not been tested on real hardware.\\n\\n[1] Syzkaller report:\\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\\n...\\nCall Trace:\\n \u003cTASK\u003e\\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\\n...\\n\\nSimilar issue also found by Syzkaller:\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: comedi: vmk80xx: corrige la verificaci\u00f3n de endpoints incompleta Si bien vmk80xx tiene implementada la verificaci\u00f3n de endpoints, algunas cosas pueden pasar desapercibidas. Dependiendo del modelo de hardware, las URB pueden tener un tipo masivo o de interrupci\u00f3n, y la versi\u00f3n actual de la funci\u00f3n vmk80xx_find_usb_endpoints() no lo tiene completamente en cuenta. Si bien esta advertencia no parece ser demasiado da\u00f1ina, al menos bloquear\u00e1 los sistemas que tengan configurado \u0027panic_on_warn\u0027. Solucione el problema encontrado por Syzkaller [1] simplificando un poco el proceso de verificaci\u00f3n de endpoints con usb_find_common_endpoints() y asegur\u00e1ndose de que solo est\u00e9n presentes los tipos de endpoints esperados. Este parche no ha sido probado en hardware real. [1] Informe Syzkaller: usb 1-1: BOGUS urb xfer, tuber\u00eda 1! = tipo 3 ADVERTENCIA: CPU: 0 PID: 781 en drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/ core/urb.c:503... Seguimiento de llamadas:  usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [en l\u00ednea] vmk80xx_auto_attach+0xa1c /0x1a40 drivers/comedi/drivers/vmk80xx.c:818 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399 ... Tambi\u00e9n se encontr\u00f3 un problema similar por Syzkaller:\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.