CVSS3 | Value |
---|---|
Attack Vector | PHYSICAL |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Score Confidence | High |
EPSS Percentile | 19.5% |

A flaw was found in the USB Host Controller Driver framework in the Linux
kernel. The usb_giveback_urb function contains a logic flaw: because the
condition guarding a goto statement is incorrect, the function cannot return
when given a specific malformed descriptor file, so it falls into an endless
loop, resulting in a denial of service.

Priority reason: Requires physical access to insert a malicious device, and the denial of service is simply log flooding due to a malformed response.

Author | Note |
---|---|
sbeattie | issue is not clear; the function the reporter mentions does not exist, though there is the similar usb_giveback_urb_bh(). However, as of 6.3.7, which the reporter claims is vulnerable, that function contained no gotos, though it did until 26c6c2f8a907 (“USB: HCD: Fix URB giveback issue in tasklet function”), which landed in v6.0-rc1. |
magalilemes | This is a USB device using interrupt transfers. So, as soon as a response is received, it submits another URB, waiting for the next “interrupt” to happen. That is totally normal. But as the response is malformed, the imon driver outputs a warning without any throttling. There is no system lockup happening. The imon driver has been issuing those warnings since its inception, so using that as the break commit. |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |