CVE-2024-41035 - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

EPSS 0.01% · P1

Affected Version Matrix 32


I. Basic Information for CVE-2024-41035

Vulnerability Information


Vulnerability Title
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot (two descriptors with matching endpoint numbers and directions, where one was interrupt and the other was bulk).

To fix the bug, we will clear the reserved bits in bEndpointAddress when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1 specs say these bits are "Reserved, reset to zero".) This requires us to make a copy of the descriptor earlier in usb_parse_endpoint() and use the copy instead of the original when checking for duplicates.
Source: NVD (National Vulnerability Database)
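
The duplicate check and the fix described above, modelled in user-space C as an added example (this is not the kernel's code or the actual patch). Each descriptor is reduced to its bEndpointAddress byte; `parse_endpoints`, `is_duplicate`, `logical_collisions` and the `EP_*` macros are names chosen for this example, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* bEndpointAddress layout: bits 3..0 endpoint number, bits 6..4 reserved
 * ("reset to zero"), bit 7 direction. Macro names are this example's own. */
#define EP_NUMBER_MASK 0x0f
#define EP_DIR_MASK    0x80
#define EP_VALID_MASK  (EP_NUMBER_MASK | EP_DIR_MASK)
#define MAX_EPS        8
struct ep_table { uint8_t addr[MAX_EPS]; size_t count; };

/* Duplicate check that compares the whole address byte. */
static int is_duplicate(const struct ep_table *t, uint8_t addr) {
    for (size_t i = 0; i < t->count; i++)
        if (t->addr[i] == addr)
            return 1;
    return 0;
}

/* Store each non-duplicate address. With sanitize set, clear the reserved
 * bits on a copy first and use that copy for the check and the table. */
size_t parse_endpoints(const uint8_t *in, size_t n, int sanitize, struct ep_table *t) {
    t->count = 0;
    for (size_t i = 0; i < n && t->count < MAX_EPS; i++) {
        uint8_t a = sanitize ? (uint8_t)(in[i] & EP_VALID_MASK) : in[i];
        if (!is_duplicate(t, a))
            t->addr[t->count++] = a;
    }
    return t->count;
}

/* Pairs of stored entries with the same direction and endpoint number. */
size_t logical_collisions(const struct ep_table *t) {
    size_t pairs = 0;
    for (size_t i = 0; i < t->count; i++)
        for (size_t j = i + 1; j < t->count; j++)
            if ((t->addr[i] & EP_VALID_MASK) == (t->addr[j] & EP_VALID_MASK))
                pairs++;
    return pairs;
}

int main(void) {
    const uint8_t in[] = { 0x81, 0xC1, 0x02 }; /* constructed: 0xC1 is 0x81 with reserved bit 6 set */
    struct ep_table t;
    for (int s = 0; s <= 1; s++) {
        size_t kept = parse_endpoints(in, 3, s, &t);
        printf("sanitize=%d kept=%zu collisions=%zu\n", s, kept, logical_collisions(&t));
    }
    return 0;
}
```

Without sanitizing, the table ends up holding two entries for the same direction and endpoint number; with the reserved bits cleared first, the second descriptor is recognised as a duplicate and dropped.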
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
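The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability that stems from assuming, when parsing endpoint descriptors, that the reserved bits are always 0, which can cause two descriptors to be wrongly treated as distinct endpoints when checking for duplicates.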
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| Linux | Linux | 0a8fd1346254974c3a852338508e4a4cddbb35f1 ~ d8418fd083d1b90a6c007cf8dcf81aeae274727b | - |
| Linux | Linux | 4.10 | - |

II. Public POCs for CVE-2024-41035


No public POC found.


III. Intelligence Information for CVE-2024-41035


Other References for CVE-2024-41035 (7)

Same Patch Batch · Linux · 2024-07-29 · 121 CVEs total

CVE-2024-41089 - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
CVE-2024-42068 - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
CVE-2024-42067 - bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
CVE-2024-42066 - drm/xe: Fix potential integer overflow in page size calculation
CVE-2024-42065 - drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
CVE-2024-42063 - bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
CVE-2024-42064 - drm/amd/display: Skip pipe if the pipe idx not set properly
CVE-2023-52887 - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_s
CVE-2024-41098 - ata: libata-core: Fix null pointer dereference on error
CVE-2024-41097 - usb: atm: cxacru: fix endpoint checking in cxacru_bind()
CVE-2024-41096 - PCI/MSI: Fix UAF in msi_capability_init
CVE-2024-41095 - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
CVE-2024-41094 - drm/fbdev-dma: Only set smem_start is enable per module option
CVE-2024-41093 - drm/amdgpu: avoid using null object of framebuffer
CVE-2024-41092 - drm/i915/gt: Fix potential UAF by revoke of fence registers
CVE-2024-41078 - btrfs: qgroup: fix quota root leak after quota disable failure
CVE-2024-41081 - ila: block BH in ila_output()
CVE-2024-41080 - io_uring: fix possible deadlock in io_register_iowq_max_workers()
CVE-2024-41079 - nvmet: always initialize cqe.result
CVE-2024-41076 - NFSv4: Fix memory leak in nfs4_set_security_label

Showing top 20 of 121 CVEs.
