Linux Kernel usbnet Driver: Improper Endpoint Validation Vulnerability

A vulnerability in the Linux kernel's usbnet driver allows for improper validation of USB bulk endpoint addresses. This issue was identified by the syzbot fuzzer, which reported a warning about a bogus USB request block (urb) transfer. The usbnet driver failed to verify that the endpoint addresses it received were correct and met the expected types and directions. As a result, the driver could potentially operate incorrectly or handle data improperly, leading to warnings and possible data transmission issues.

Impact

Exploitation of this vulnerability could cause the usbnet driver to issue warnings about invalid USB transfers, indicating a mismatch between the expected and actual endpoint types. This could disrupt normal USB data transmission processes.

Reproduction

The vulnerability can be reproduced by loading a USB device that is managed by the usbnet driver. The device should be one that the driver probes and initializes. During this process, the driver will receive endpoint information. If the driver trusts this information without proper validation, it can lead to the warning being triggered. This scenario can be automated with a fuzzer like syzkaller, which is designed to find such issues by sending unexpected or invalid data to the kernel.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commits that fix this issue are available in the Linux kernel stable tree.