CVE-2023-52742

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0-rc6-syzkaller-00050-g9f266ccaa2f5

Description A bug was detected in the plusb network driver where a zero-length control-OUT transfer was treated as a read instead of a write, provoking a WARNING in modern kernels. The vulnerability is related to the pl vendor req function in the plusb.c file. To exploit this issue, an attacker would need to send a specially crafted control-OUT transfer. The fix is to call usbnet write cmd() instead of usbnet read cmd() and remove the USB DIR IN flag.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the wrong-direction WARNING in plusb.c. Specifically, the fix involves calling usbnet write cmd() instead of usbnet read cmd() and removing the USB DIR IN flag. As a temporary workaround, consider disabling the pl vendor req function until a patch is available.