CVE-2023-52477

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.108-18910-gab0e1cb584e1

Description The issue is related to the Linux kernel's USB hub component, where many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If usb get bos descriptor() fails, udev->bos will be NULL, resulting in a crash due to a kernel NULL pointer dereference. The vulnerability can cause the system to crash, leading to a denial-of-service (DoS) condition. To mitigate this, the Linux kernel has been updated to guard against accesses to uninitialized BOS descriptors and fall back to a default behavior if the BOS descriptor isn't accessible, skipping functionalities that depend on it, such as LPM support checks, Super Speed capability checks, and U1/U2 states setup.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 5.15.108-18910-gab0e1cb584e1. As a temporary workaround, consider disabling the hub port reset() function until a patch is available. Additionally, restrict access to the vulnerable module drivers/usb/core/hub.c to minimize the risk of exploitation. Avoid using the usb get bos descriptor() function in the affected API endpoint until the issue is resolved.