Linux Kernel GS_USB Driver URB Transmission Error Handling Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's GS_USB CAN driver, specifically in the handling of failed bulk USB transfer callbacks. When a transfer fails, the driver does not properly clean up, leading to a decrease in the number of available USB Request Blocks (URBs) and causing performance issues. This lack of cleanup can ultimately halt data transmission. The vulnerability affects the stable versions of the Linux kernel.

Impact

Failure to clean up after a transmission error in the GS_USB driver can degrade performance and completely disrupt data transmission over the CAN interface.

Reproduction

The vulnerability can be reproduced by sending a bulk URB through the GS_USB CAN driver. If the transfer fails, the driver does not perform the necessary cleanup, such as freeing the associated context and updating the driver's accounting. This can be observed by monitoring the driver's transmission statistics, which will show an increase in errors and dropped packets.
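The failure mode described under Vulnerability and Reproduction, as an added userspace model that is not the driver's own code: a fixed pool of transmit contexts and a completion handler, run once without and once with cleanup on a failed transfer. All names, the pool size and the failure rate are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define TX_SLOTS 4                /* constructed pool size, not the driver's */
struct tx_pool {
    bool busy[TX_SLOTS];          /* one flag per in-flight transmit context */
    unsigned long tx_packets;     /* transfers that completed successfully */
    unsigned long tx_dropped;     /* frames lost to a failed transfer */
};

/* Claim a free context; -1 means none is left and sending must stop. */
static int tx_claim(struct tx_pool *p)
{
    for (int i = 0; i < TX_SLOTS; i++)
        if (!p->busy[i]) { p->busy[i] = true; return i; }
    return -1;
}

/* Completion handler; status != 0 models a failed bulk transfer.
 * With cleanup_on_error == false the error path returns early and the
 * context stays busy forever, which is the flaw the page describes. */
static void tx_complete(struct tx_pool *p, int slot, int status,
                        bool cleanup_on_error)
{
    if (status != 0) {
        if (!cleanup_on_error)
            return;               /* leak: context never released */
        p->tx_dropped++;          /* account for the lost frame */
    } else {
        p->tx_packets++;
    }
    p->busy[slot] = false;        /* release the context for reuse */
}

/* Queue up to `frames` frames; every `fail_every`-th transfer fails.
 * Returns how many frames were accepted before the pool ran dry. */
static int simulate(struct tx_pool *p, int frames, int fail_every,
                    bool cleanup_on_error)
{
    int sent = 0;
    for (int n = 1; n <= frames; n++) {
        int slot = tx_claim(p);
        if (slot < 0)
            break;                /* no context left: transmission halts */
        tx_complete(p, slot, n % fail_every ? 0 : -1, cleanup_on_error);
        sent++;
    }
    return sent;
}

int main(void)
{
    struct tx_pool leaky = {0}, fixed = {0};
    printf("no cleanup:   accepted %d of 100\n", simulate(&leaky, 100, 5, false));
    printf("with cleanup: accepted %d of 100\n", simulate(&fixed, 100, 5, true));
    return 0;
}
```

In the model, each failed transfer without cleanup permanently removes one context, so the interface stops accepting frames once as many transfers have failed as there are contexts.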

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 16, 2025, 6:14 PM
Updated: Dec 16, 2025, 6:14 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.