Linux Kernel USB Endpoint Check Vulnerability in CXACRU ATM Driver

Vulnerability

A vulnerability has been identified in the Linux kernel's USB ATM CXACRU driver, specifically in the endpoint checking process. The issue arises from a previous commit that inadequately verified USB endpoints, allowing devices with incorrect endpoint configurations to be accepted. This flaw can lead to the submission of invalid USB requests, potentially causing disruptions in USB data transfer operations.

Impact

Exploitation of this vulnerability can result in improper handling of USB data transfers, potentially causing data corruption or loss.

Reproduction

The vulnerability can be reproduced by connecting a USB device that has incorrect endpoint configurations to a system running the affected Linux kernel version. The CXACRU ATM driver will then improperly accept the device, leading to the submission of invalid USB requests. This can be observed through system warnings about bogus USB transfer requests, indicating a mismatch between the expected and actual endpoint types.
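The mismatch described above is the kind a probe-time check is meant to reject. The following is an added example, not code from the kernel or the driver: a userspace C model that looks up each endpoint by its full address and requires the expected transfer type before the device is accepted. The names, the command endpoint number 0x01, the rule that the command pipe is interrupt or bulk in both directions, and the sample descriptors are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Masks follow the standard USB endpoint descriptor layout. */
#define EP_DIR_IN        0x80u  /* bEndpointAddress bit 7: device-to-host */
#define EP_XFERTYPE_MASK 0x03u  /* bmAttributes bits 1..0: transfer type */
enum xfer_type { XFER_CONTROL = 0, XFER_ISOC = 1, XFER_BULK = 2, XFER_INT = 3 };
enum ep_check { EP_OK = 0, EP_MISSING = -1, EP_WRONG_TYPE = -2 };

struct ep_desc {
    uint8_t bEndpointAddress;   /* direction bit plus endpoint number */
    uint8_t bmAttributes;
};

/* Find the endpoint by exact address (number and direction), then compare
 * its transfer type with the type the driver's requests will use. */
static enum ep_check check_endpoint(const struct ep_desc *eps, size_t n,
                                    uint8_t addr, enum xfer_type want)
{
    for (size_t i = 0; i < n; i++) {
        if (eps[i].bEndpointAddress != addr)
            continue;
        return (eps[i].bmAttributes & EP_XFERTYPE_MASK) == (unsigned)want
                   ? EP_OK : EP_WRONG_TYPE;
    }
    return EP_MISSING;
}

#define CMD_EP_NUM 0x01u        /* assumption: hypothetical command endpoint */

/* Accept only if IN and OUT command endpoints both exist with one shared type. */
static int probe_accepts(const struct ep_desc *eps, size_t n)
{
    static const enum xfer_type allowed[] = { XFER_INT, XFER_BULK };
    for (size_t t = 0; t < sizeof(allowed) / sizeof(allowed[0]); t++) {
        if (check_endpoint(eps, n, CMD_EP_NUM | EP_DIR_IN, allowed[t]) == EP_OK &&
            check_endpoint(eps, n, CMD_EP_NUM, allowed[t]) == EP_OK)
            return 1;
    }
    return 0;
}

/* Constructed sample descriptor sets: {bEndpointAddress, bmAttributes}. */
static const struct ep_desc good_dev[]    = { {0x81, 0x03}, {0x01, 0x03} };
static const struct ep_desc mixed_dev[]   = { {0x81, 0x03}, {0x01, 0x02} };
static const struct ep_desc in_only_dev[] = { {0x81, 0x02} };

int main(void)
{
    printf("good=%d mixed=%d in_only=%d\n", probe_accepts(good_dev, 2),
           probe_accepts(mixed_dev, 2), probe_accepts(in_only_dev, 1));
    return 0;
}
```

A device whose IN and OUT endpoints disagree on type, or that lacks one direction, is refused before any request is built for it.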

Remediation

Users can apply the latest patches available in the Linux kernel's official repository to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.