CVE-2024-41035: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
First published: Mon Jul 29 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot (two descriptors with matching endpoint numbers and directions, where one was interrupt and the other was bulk). To fix the bug, we will clear the reserved bits in bEndpointAddress when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1 specs say these bits are "Reserved, reset to zero".) This requires us to make a copy of the descriptor earlier in usb_parse_endpoint() and use the copy instead of the original when checking for duplicates.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.318 | 4.19.318 |
| redhat/kernel | <5.4.280 | 5.4.280 |
| redhat/kernel | <5.10.222 | 5.10.222 |
| redhat/kernel | <5.15.163 | 5.15.163 |
| redhat/kernel | <6.1.100 | 6.1.100 |
| redhat/kernel | <6.6.41 | 6.6.41 |
| redhat/kernel | <6.9.10 | 6.9.10 |
| redhat/kernel | <6.10 | 6.10 |
| IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Software Stack | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager Virtual Appliance | <=ISVG 10.0.2 | |
| IBM Security Verify Governance Identity Manager Container | <=ISVG 10.0.2 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 | |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188
- https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7
- https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78
- https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64
- https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646
- https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47
- https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf
- https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b
- https://lore.kernel.org/linux-cve-announce/2024072922-CVE-2024-41035-5e6b@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2301536
- https://access.redhat.com/errata/RHSA-2024:7001
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/show_bug.cgi?id=2300402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41035
- https://nvd.nist.gov/vuln/detail/CVE-2024-41035
- https://launchpad.net/bugs/cve/CVE-2024-41035
- https://security-tracker.debian.org/tracker/CVE-2024-41035
- https://ubuntu.com/security/CVE-2024-41035
- https://git.kernel.org/linus/a368ecde8a5055b627749b09c6218ef793043e47
- https://www.ibm.com/support/pages/node/7230443 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-41035?
CVE-2024-41035 is categorized as a low severity vulnerability in the Linux kernel.
How do I fix CVE-2024-41035?
To mitigate CVE-2024-41035, upgrade the kernel to a version that is 4.19.318 or newer, or follow the specific package guidelines provided by your distribution.
What impact does CVE-2024-41035 have on systems?
CVE-2024-41035 can lead to unexpected behavior in USB devices due to a bug in the USB core of the Linux kernel.
Which versions of the Linux kernel are affected by CVE-2024-41035?
CVE-2024-41035 affects multiple versions of the Linux kernel prior to 4.19.318, 5.4.280, 5.10.222, 5.15.163, 6.1.100, and others as specified in the remediation guidelines.
Is CVE-2024-41035 a critical vulnerability?
No, CVE-2024-41035 is not classified as a critical vulnerability, but it should still be addressed to ensure stable system operation.
- agent/title
- agent/type
- collector/nvd-api
- source/NVD
- agent/remedy
- agent/first-publish-date
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-41035
- agent/software-canonical-lookup
- collector/nvd-cve
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/last-modified-date
- agent/references
- agent/source
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/tags
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify governance - identity manager
- version/ibm security verify governance - identity manager/isvg 10.0.2
- canonical/ibm security verify governance, identity manager software stack
- version/ibm security verify governance, identity manager software stack/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance
- version/ibm security verify governance, identity manager virtual appliance/isvg 10.0.2
- canonical/ibm security verify governance identity manager container
- version/ibm security verify governance identity manager container/isvg 10.0.2
- package-manager/debian