Linux Kernel mceusb Driver Invalid Pipe Direction Vulnerability

Vulnerability

A vulnerability in the Linux kernel's mceusb driver has been addressed. The driver sent an unusual read request on endpoint 0 without properly indicating the direction in the bRequestType field. During automated kernel fuzzing, this discrepancy triggered a warning about an invalid pipe direction. Because the driver failed to match the expected request direction, the vulnerability could potentially lead to improper handling of USB control messages.

Impact

The vulnerability could generate warnings about invalid pipe directions, which indicate a mismatch in expected USB control message handling. This could lead to improper USB communication, potentially disrupting device functionality or management.

Remediation

The vulnerability has been fixed by updating the mceusb driver to use the newer usb_control_msg_recv() and usb_control_msg_send() routines, which properly handle the direction of control messages. Users should ensure they are running a version of the Linux kernel that includes this fix.
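
The direction rule behind the warning, as an added example that is not kernel or mceusb code: a simplified user-space C model that flags control requests whose pipe direction contradicts bit 7 of bRequestType. The struct, the function names and the sample requests are hypothetical and constructed for illustration; only the two constants come from the USB specification.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* bRequestType bit values from USB 2.0 chapter 9. */
#define USB_DIR_IN      0x80  /* bit 7 set: device-to-host (a read) */
#define USB_TYPE_VENDOR 0x40  /* bits 6..5: vendor-specific request */

/* Hypothetical record of one control transfer as a driver issues it. */
struct ctrl_req {
    bool     pipe_is_in;    /* true: receive pipe, false: send pipe */
    uint8_t  bRequestType;
    uint16_t wLength;       /* size of the data stage in bytes */
};

/* A setup packet describes an OUT transfer when bit 7 is clear, or when
 * there is no data stage at all (wLength == 0). */
static bool setup_is_out(const struct ctrl_req *r)
{
    return !(r->bRequestType & USB_DIR_IN) || r->wLength == 0;
}

/* True when the pipe direction contradicts the setup packet. */
bool ctrl_dir_mismatch(const struct ctrl_req *r)
{
    return setup_is_out(r) == r->pipe_is_in;
}

/* Count contradictory requests in a table, e.g. during a driver audit. */
int count_mismatches(const struct ctrl_req *reqs, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        bad += ctrl_dir_mismatch(&reqs[i]);
    return bad;
}

/* Constructed samples, not taken from the driver. */
const struct ctrl_req samples[] = {
    { true,  USB_TYPE_VENDOR,              2 }, /* read without USB_DIR_IN */
    { true,  USB_DIR_IN | USB_TYPE_VENDOR, 2 }, /* read with direction set */
    { false, USB_TYPE_VENDOR,              2 }, /* ordinary write */
    { true,  USB_DIR_IN | USB_TYPE_VENDOR, 0 }, /* "read" with no data stage */
};

int main(void)
{
    for (int i = 0; i < 4; i++)
        printf("request %d: %s\n", i,
               ctrl_dir_mismatch(&samples[i]) ? "direction mismatch" : "ok");
    return 0;
}
```

The first sample has the shape described above, a read issued on a receive pipe whose bRequestType lacks the IN bit; the last shows that a zero-length request on a receive pipe is also contradictory.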

Added: Jun 18, 2025, 10:24 PM
Updated: Jun 18, 2025, 10:24 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.