PT-2024-31364 · Linux+6 · Linux Kernel+6

Published

2024-08-16

·

Updated

2025-09-29

·

CVE-2024-45011

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue concerns the Linux kernel's handling of USB endpoints in the xillybus driver. Specifically, it involves verifying that all endpoints the driver attempts to access exist and are of the correct type when probing a device. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1, which is checked by the xillyusb setup base eps() function. Additionally, these devices may have extra Bulk OUT endpoints, with their addresses deduced from a data structure called the IDT fetched by the driver during probing, and checked in the setup channels() function. Since a XillyUSB device only has one IN endpoint for multiplexing data towards the host, setup channels() only checks OUT endpoints.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-12053
ALT-PU-2024-13121
ALT-PU-2024-13260
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-49203
AZL-49254
BDU:2025-01916
CVE-2024-45011
DLA-4008-1
DSA-5782-1
OESA-2024-2219
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3592-1
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2024:3569-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3592-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7100-1
USN-7100-2
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu