PT-2024-29216 · Linux+9 · Linux Kernel+9
Syzbot
·
Published
2024-06-27
·
Updated
2025-10-07
·
CVE-2024-41035
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to a bug in the USB core of the Linux kernel, specifically in the
usb parse endpoint() function, which can lead to confusion when checking for duplicate endpoints. This is caused by the assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result, the endpoint is duplicate() routine may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot, where two descriptors with matching endpoint numbers and directions, one being interrupt and the other bulk, are treated as distinct. The bug can be exploited to cause a denial of service.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu