Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's udlfb driver, identified by the syzbot fuzzer, has been addressed. The issue arose because a USB endpoint did not have the expected type, leading to a failure in reading the EDID from a connected device or display. This discrepancy triggered a warning about a bogus USB transfer, indicating a mismatch between the expected and actual endpoint types. The root cause was the driver's endpoint check, which only verified that a bulk-out endpoint existed, without ensuring that it was the endpoint the driver actually used. The vulnerability affected Linux kernel versions prior to 6.4.0-rc1.
Exploitation of this vulnerability could lead to improper handling of USB data transfers, potentially causing disruptions in video output or communication with USB devices.
The vulnerability can be reproduced by using a DisplayLink device that does not conform to the expected USB endpoint specifications. Connect the device to a system running an affected version of the Linux kernel, and the udlfb driver will attempt to read the EDID. The mismatch in endpoint types will trigger a warning, indicating the presence of the vulnerability.
Users can upgrade to the latest version of the Linux kernel to address this vulnerability. The issue has been fixed in the official Linux Git repository.
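The difference between the two endpoint checks described above, modelled in user-space C as an added example (this is not the kernel's or the udlfb driver's code). The struct, the function names, `DRIVER_OUT_EP` and both descriptor sets are assumptions constructed for illustration; only the descriptor bit layout comes from the USB specification.

```c
#include <stdint.h>
#include <stddef.h>

/* Endpoint descriptor field values from the USB 2.0 specification. */
#define EP_DIR_IN        0x80  /* bit 7 of bEndpointAddress: 1 = IN, 0 = OUT */
#define EP_XFERTYPE_MASK 0x03  /* bits 1..0 of bmAttributes */
#define EP_XFER_BULK     0x02
#define EP_XFER_INT      0x03

struct ep_desc {               /* simplified model, not the kernel's struct */
    uint8_t bEndpointAddress;
    uint8_t bmAttributes;
};

static int is_bulk_out(const struct ep_desc *e)
{
    return (e->bmAttributes & EP_XFERTYPE_MASK) == EP_XFER_BULK &&
           !(e->bEndpointAddress & EP_DIR_IN);
}

/* Weak check, as described above: passes if ANY bulk-out endpoint exists. */
int has_any_bulk_out(const struct ep_desc *eps, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (is_bulk_out(&eps[i]))
            return 1;
    return 0;
}

/* Strict check: the endpoint the driver submits to must itself be bulk-out. */
int used_ep_is_bulk_out(const struct ep_desc *eps, size_t n, uint8_t used_addr)
{
    for (size_t i = 0; i < n; i++)
        if (eps[i].bEndpointAddress == used_addr)
            return is_bulk_out(&eps[i]);
    return 0;   /* endpoint absent: refuse to bind */
}

/* Constructed descriptors. DRIVER_OUT_EP is a hypothetical address standing
 * in for whichever endpoint the driver hard-codes for its transfers. */
#define DRIVER_OUT_EP 0x01
const struct ep_desc conforming[]    = { {0x01, EP_XFER_BULK}, {0x82, EP_XFER_INT} };
const struct ep_desc nonconforming[] = { {0x01, EP_XFER_INT},  {0x02, EP_XFER_BULK} };
```

The non-conforming set passes the weak check because endpoint 0x02 is bulk-out, yet the endpoint the driver would actually use (0x01) is an interrupt endpoint, which is the mismatch behind the bogus-transfer warning.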