Linux · Linux Kernel · CVE-2023-52477
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.15.108-18910-gab0e1cb584e1
**Description**
The issue is related to the Linux kernel's USB hub component, where many functions in `drivers/usb/core/hub.c` and `drivers/usb/core/hub.h` access fields inside `udev->bos` without checking if it was allocated and initialized. If `usb_get_bos_descriptor()` fails, `udev->bos` will be NULL, resulting in a crash due to a kernel NULL pointer dereference. The vulnerability can cause the system to crash, leading to a denial-of-service (DoS) condition. To mitigate this, the Linux kernel has been updated to guard against accesses to uninitialized BOS descriptors and fall back to a default behavior if the BOS descriptor isn't accessible, skipping functionalities that depend on it, such as LPM support checks, Super Speed capability checks, and U1/U2 states setup.
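The guard pattern described above, shown as an added example that is not the kernel's own code: a simplified userspace model placing the unguarded access beside the guarded form. All struct, field, macro and function names (`model_udev`, `lpm_capable_guarded`, and so on) are illustrative assumptions, and the sample devices are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model; names are illustrative, not the kernel's. */
struct model_ext_cap { uint32_t attributes; };
struct model_ss_cap  { uint8_t u1_exit_lat; uint16_t u2_exit_lat; };
struct model_bos     { struct model_ext_cap *ext_cap; struct model_ss_cap *ss_cap; };
struct model_udev    { struct model_bos *bos; }; /* NULL if the BOS fetch failed */
#define MODEL_LPM_SUPPORT (1u << 1)

/* Unguarded pattern: dereferences udev->bos unconditionally, so a device
 * whose BOS descriptor could not be read causes a NULL dereference. */
int lpm_capable_unguarded(const struct model_udev *udev)
{
    return (udev->bos->ext_cap->attributes & MODEL_LPM_SUPPORT) != 0;
}

/* Guarded pattern: no BOS means "capability absent", the default behavior. */
int lpm_capable_guarded(const struct model_udev *udev)
{
    if (!udev->bos || !udev->bos->ext_cap)
        return 0;
    return (udev->bos->ext_cap->attributes & MODEL_LPM_SUPPORT) != 0;
}

/* U1/U2 setup is skipped (returns 0, outputs untouched) without BOS data. */
int setup_u1_u2_guarded(const struct model_udev *udev, unsigned *u1, unsigned *u2)
{
    if (!udev->bos || !udev->bos->ss_cap)
        return 0;
    *u1 = udev->bos->ss_cap->u1_exit_lat;
    *u2 = udev->bos->ss_cap->u2_exit_lat;
    return 1;
}

/* Constructed sample devices: one healthy, one whose BOS read failed. */
static struct model_ext_cap sample_ext = { MODEL_LPM_SUPPORT };
static struct model_ss_cap  sample_ss  = { 10, 500 };
static struct model_bos     sample_bos = { &sample_ext, &sample_ss };
struct model_udev sample_ok     = { &sample_bos };
struct model_udev sample_no_bos = { NULL };

int main(void)
{
    unsigned u1 = 0, u2 = 0;
    printf("no BOS: lpm=%d u1u2_setup=%d\n", lpm_capable_guarded(&sample_no_bos),
           setup_u1_u2_guarded(&sample_no_bos, &u1, &u2));
    return 0;
}
```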
**Recommendations**
To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 5.15.108-18910-gab0e1cb584e1. As a temporary workaround, consider disabling the `hub_port_reset()` function until a patch is available. Additionally, restrict access to the vulnerable module `drivers/usb/core/hub.c` to minimize the risk of exploitation. Avoid using the `usb_get_bos_descriptor()` function in the affected API endpoint until the issue is resolved.