cve-2024-27001
Vulnerability from cvelistv5
Published
2024-05-01 05:28
Modified
2024-11-05 09:19
Severity ?
Summary
comedi: vmk80xx: fix incomplete endpoint checking
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T14:56:33.918930Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T14:56:44.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/vmk80xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a63ae0348d9",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "a3b8ae7e9297",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "f15370e31597",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "b0b268eeb087",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "ac882d6b21bf",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "59f33af97961",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "6ec3514a7d35",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            },
            {
              "lessThan": "d1718530e3f6",
              "status": "affected",
              "version": "49253d542cc0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/comedi/drivers/vmk80xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix incomplete endpoint checking\n\nWhile vmk80xx does have endpoint checking implemented, some things\ncan fall through the cracks. Depending on the hardware model,\nURBs can have either bulk or interrupt type, and current version\nof vmk80xx_find_usb_endpoints() function does not take that fully\ninto account. While this warning does not seem to be too harmful,\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\nthem.\n\nFix the issue found by Syzkaller [1] by somewhat simplifying the\nendpoint checking process with usb_find_common_endpoints() and\nensuring that only expected endpoint types are present.\n\nThis patch has not been tested on real hardware.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\n...\n\nSimilar issue also found by Syzkaller:"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:19:42.760Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b"
        },
        {
          "url": "https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8"
        }
      ],
      "title": "comedi: vmk80xx: fix incomplete endpoint checking",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27001",
    "datePublished": "2024-05-01T05:28:40.341Z",
    "dateReserved": "2024-02-19T14:20:24.207Z",
    "dateUpdated": "2024-11-05T09:19:42.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27001\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:18.330\",\"lastModified\":\"2024-11-05T10:16:15.723\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncomedi: vmk80xx: fix incomplete endpoint checking\\n\\nWhile vmk80xx does have endpoint checking implemented, some things\\ncan fall through the cracks. Depending on the hardware model,\\nURBs can have either bulk or interrupt type, and current version\\nof vmk80xx_find_usb_endpoints() function does not take that fully\\ninto account. While this warning does not seem to be too harmful,\\nat the very least it will crash systems with \u0027panic_on_warn\u0027 set on\\nthem.\\n\\nFix the issue found by Syzkaller [1] by somewhat simplifying the\\nendpoint checking process with usb_find_common_endpoints() and\\nensuring that only expected endpoint types are present.\\n\\nThis patch has not been tested on real hardware.\\n\\n[1] Syzkaller report:\\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\\n...\\nCall Trace:\\n \u003cTASK\u003e\\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\\n...\\n\\nSimilar issue also found by Syzkaller:\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: comedi: vmk80xx: corrige la verificaci\u00f3n de endpoints incompleta Si bien vmk80xx tiene implementada la verificaci\u00f3n de endpoints, algunas cosas pueden pasar desapercibidas. Dependiendo del modelo de hardware, las URB pueden tener un tipo masivo o de interrupci\u00f3n, y la versi\u00f3n actual de la funci\u00f3n vmk80xx_find_usb_endpoints() no lo tiene completamente en cuenta. Si bien esta advertencia no parece ser demasiado da\u00f1ina, al menos bloquear\u00e1 los sistemas que tengan configurado \u0027panic_on_warn\u0027. Solucione el problema encontrado por Syzkaller [1] simplificando un poco el proceso de verificaci\u00f3n de endpoints con usb_find_common_endpoints() y asegur\u00e1ndose de que solo est\u00e9n presentes los tipos de endpoints esperados. Este parche no ha sido probado en hardware real. [1] Informe Syzkaller: usb 1-1: BOGUS urb xfer, tuber\u00eda 1! = tipo 3 ADVERTENCIA: CPU: 0 PID: 781 en drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/ core/urb.c:503... Seguimiento de llamadas:  usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [en l\u00ednea] vmk80xx_auto_attach+0xa1c /0x1a40 drivers/comedi/drivers/vmk80xx.c:818 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399 ... Tambi\u00e9n se encontr\u00f3 un problema similar por Syzkaller:\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.