Linux Kernel usbnet gl620a Endpoint Checking Vulnerability in genelink_bind()

Vulnerability

A vulnerability in the Linux kernel's usbnet component, specifically in the gl620a driver, has been addressed. genelink_bind() did not verify that the endpoints it expected were actually provided by the device, so the driver could set up its bulk pipes against endpoints that did not exist. The flaw was reported by Syzbot, which observed a warning in usb_submit_urb() caused by this mismatch between the expected and the actual endpoints. It could be triggered by a specially crafted device that does not provide the required endpoints.
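The check that was missing, modelled as an added stand-alone C example (this is not the kernel's code): a bind routine validates that every endpoint it intends to use exists on the interface as a bulk endpoint before any pipe is built. The endpoint numbers, descriptor tables and the model_bind() helper are constructed assumptions for illustration, not values from the gl620a driver.

```c
/* Added example, not kernel code: models the endpoint validation a usbnet
 * bind routine must do before building pipes from driver_info endpoint
 * numbers. All endpoint numbers and descriptor values are constructed. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define USB_DIR_IN                 0x80 /* direction bit of bEndpointAddress */
#define USB_ENDPOINT_XFERTYPE_MASK 0x03 /* low bits of bmAttributes */
#define USB_ENDPOINT_XFER_BULK     0x02
#define USB_ENDPOINT_XFER_INT      0x03

/* Minimal stand-in for the fields of struct usb_endpoint_descriptor used here. */
struct ep_desc {
    uint8_t bEndpointAddress; /* number in bits 0-3, direction in bit 7 */
    uint8_t bmAttributes;     /* transfer type in bits 0-1 */
};

/* Same contract as the kernel's usb_check_bulk_endpoints(): every address in
 * the 0-terminated 'required' list must exist on the interface as a bulk
 * endpoint with the same direction bit (0 is a safe terminator: ep0 is never bulk). */
bool check_bulk_endpoints(const struct ep_desc *eps, size_t n_eps,
                          const uint8_t *required)
{
    for (; *required != 0; required++) {
        bool found = false;
        for (size_t i = 0; i < n_eps && !found; i++)
            found = eps[i].bEndpointAddress == *required &&
                    (eps[i].bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) ==
                        USB_ENDPOINT_XFER_BULK;
        if (!found)
            return false; /* the pipe would target an endpoint the device lacks */
    }
    return true;
}

/* Models a hardened bind(): assumed bulk IN 1 / bulk OUT 2 (illustrative only). */
int model_bind(const struct ep_desc *eps, size_t n_eps)
{
    static const uint8_t required[] = { USB_DIR_IN | 1, 2, 0 };
    if (!check_bulk_endpoints(eps, n_eps, required))
        return -ENODEV; /* refuse the device instead of submitting URBs later */
    return 0;
}

/* Constructed descriptor tables: a conforming device and a malformed one. */
const struct ep_desc good_eps[] = { { USB_DIR_IN | 1, USB_ENDPOINT_XFER_BULK },
                                    { 2, USB_ENDPOINT_XFER_BULK } };
const struct ep_desc bad_eps[]  = { { USB_DIR_IN | 1, USB_ENDPOINT_XFER_INT },
                                    { 3, USB_ENDPOINT_XFER_BULK } };
```

With the check in place the malformed device is rejected at bind time, so usb_submit_urb() is never reached with an endpoint the device does not have.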

Impact

The vulnerability could cause a denial-of-service condition by triggering a warning in usb_submit_urb() that indicates a mismatch between the endpoints the driver expects and those the device provides. This could disrupt normal USB communication and potentially lead to broader network problems, especially in environments that rely on USB-based networking.

Reproduction

The vulnerability can be reproduced with an emulated USB device that is recognized by the gl620a driver but has missing or incorrect endpoint configurations. Such a device can be created as a virtual USB device under a hypervisor such as QEMU, which can simulate the faulty endpoint behaviour. Once the device is connected, the system registers it and the gl620a driver attempts to bind to it. The missing endpoint causes the driver to submit a USB request that triggers the warning, demonstrating the vulnerability.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Consult the Linux kernel changelog or your distribution's update documentation for specific guidance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread          9.0
impact          2.5
exploitability  5.7
remediation     0.0
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.