Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's USB hub driver can trigger a general protection fault, likely due to a null pointer dereference. The issue arises when a USB hub device presents multiple configurations or interfaces, which violates the USB specification. The hub driver incorrectly binds to the second interface, and the kernel crashes when the driver attempts to access a non-existent resource. The vulnerability has been addressed by modifying the driver to reject hub devices that do not comply with the USB spec regarding configurations and interfaces.
Exploitation of this vulnerability causes a general protection fault, leading to a crash of the kernel's USB hub handling process.
The vulnerability can be reproduced by connecting a non-compliant USB hub device that presents more than one configuration or interface. The hub driver will bind to the incorrect interface, causing a null pointer dereference and a general protection fault in the kernel.
Users should ensure that only compliant USB hub devices are connected, particularly those that adhere to the specification regarding configurations and interfaces.
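A defender-side check for the condition described above, as an added example that is not part of the original advisory or the kernel's own code: it walks the USB entries in sysfs and reports hub-class devices that declare more than one configuration or interface. The function name `noncompliant_hubs` is hypothetical; the attribute files it reads (`bDeviceClass`, `bInterfaceClass`, `bNumConfigurations`, `bNumInterfaces`) are standard Linux sysfs USB attributes, and treating a device as a hub when either its device class or one of its interface classes is 09 is an assumption of this example.

```python
"""Audit USB devices listed in sysfs for hubs with extra configs/interfaces."""
from pathlib import Path

HUB_CLASS = 0x09  # USB class code for hubs


def _attr(path, base):
    """Read a numeric sysfs attribute; None if absent or unparsable."""
    try:
        return int(path.read_text().strip(), base)
    except (OSError, ValueError):
        return None


def noncompliant_hubs(root="/sys/bus/usb/devices"):
    """Return [(device, num_configs, num_interfaces)] for hub-class devices
    that report more than one configuration or more than one interface."""
    root = Path(root)
    findings = []
    if not root.is_dir():
        return findings
    for dev in sorted(root.iterdir()):
        if ":" in dev.name:  # entries such as "1-2:1.0" are interfaces
            continue
        dev_class = _attr(dev / "bDeviceClass", 16)
        if dev_class is None:
            continue
        # Assumption: hub-like if the device class or any interface class is 09.
        iface_classes = [_attr(i / "bInterfaceClass", 16)
                         for i in root.glob(dev.name + ":*")]
        if dev_class != HUB_CLASS and HUB_CLASS not in iface_classes:
            continue
        configs = _attr(dev / "bNumConfigurations", 10)
        ifaces = _attr(dev / "bNumInterfaces", 10)  # may be empty if unconfigured
        if (configs or 0) > 1 or (ifaces or 0) > 1:
            findings.append((dev.name, configs, ifaces))
    return findings


if __name__ == "__main__":
    for name, configs, ifaces in noncompliant_hubs():
        print(f"{name}: hub with {configs} configuration(s), {ifaces} interface(s)")
```

A device only appears in sysfs once it has enumerated, so this is an inventory check for hardware already attached, not a substitute for the kernel fix.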