PT-2024-9083 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-04-30

·

Updated

2025-02-03

·

CVE-2024-38565

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the wifi component ar5523 in the Linux kernel. It involves errors in resource management within the ar5523 probe() function. Exploitation of this issue could lead to a denial of service. The problem arises when an endpoint in use does not have the expected type, as reported by Syzkaller. The fix involves checking for the existence of all proper endpoints with their respective types intact. However, the patch has not been tested on real hardware. Technical details include the ar5523 cmd() and ar5523 probe() functions, and the usb submit urb() function where the warning occurs.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2024-10765
CVE-2024-38565
DLA-3840-1
DSA-5730-1
MGASA-2024-0263
MGASA-2024-0266
OESA-2024-2028
OESA-2024-2029
OESA-2024-2030
OESA-2024-2076
OESA-2024-2185
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1
USN-6949-1
USN-6949-2
USN-6951-1
USN-6951-2
USN-6951-3
USN-6951-4
USN-6952-1
USN-6952-2
USN-6953-1
USN-6955-1
USN-6979-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7009-1
USN-7009-2
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu