Linux Kernel EMS USB Message Length Validation Vulnerability

Vulnerability

The Linux kernel's EMS USB driver improperly validates message lengths in the 'ems_usb_read_bulk_callback()' function. Because the actual length of the received data is not correctly checked against the expected message structure, buffer overflows can result. The vulnerability affects the stable versions of the Linux kernel that include EMS USB CAN interface support.
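The kind of check such a callback needs, as an added example that is not the kernel's code or the upstream fix: each message header and each claimed payload length is validated against the number of bytes actually received. The buffer layout (a 4-byte transfer header with the message count in byte 0, a 2-byte message header) and all names are assumptions chosen for illustration, not the driver's real structures.

```c
#include <stddef.h>
#include <stdint.h>

#define BUF_HDR_LEN 4  /* assumed: byte 0 of the transfer holds the message count */
#define MSG_HDR_LEN 2  /* assumed: 1 byte type, 1 byte payload length */

/* Constructed sample transfers (not captured from a device). */
static const uint8_t sample_ok[]        = {2, 0, 0, 0, 0x01, 2, 0xAA, 0xBB, 0x02, 0};
static const uint8_t sample_bad_len[]   = {1, 0, 0, 0, 0x01, 200, 0xAA};
static const uint8_t sample_bad_count[] = {3, 0, 0, 0, 0x01, 0};

/* Walk the messages in one received transfer. actual_len is the number of
 * bytes the device really sent, not the size of the receive buffer.
 * Returns the number of messages accepted, or -1 on any inconsistent length. */
int parse_transfer(const uint8_t *buf, size_t actual_len)
{
    size_t off = BUF_HDR_LEN;
    int accepted = 0;

    if (actual_len < BUF_HDR_LEN)
        return -1;                      /* too short to hold the count */

    for (unsigned int n = buf[0]; n > 0; n--) {
        /* The fixed message header must lie inside the received data. */
        if (actual_len - off < MSG_HDR_LEN)
            return -1;
        size_t payload = buf[off + 1];  /* device-controlled length field */
        off += MSG_HDR_LEN;
        /* So must the payload the header claims. The subtraction cannot
         * wrap because off <= actual_len holds at this point. */
        if (actual_len - off < payload)
            return -1;
        off += payload;                 /* message is safe to hand on here */
        accepted++;
    }
    return accepted;
}
```

Comparing against the remaining byte count (actual_len - off) rather than computing off + length first keeps the check itself free of integer wraparound.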

Impact

The vulnerability can be exploited to cause buffer overflows, which may lead to arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by sending USB messages to a device using the EMS USB driver, specifically one that supports the EMS CPC-USB/ARM7 CAN/USB interface. The driver will not properly validate the length of the messages, allowing for potential buffer overflows.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found on the official Linux kernel website.

Added: Mar 25, 2026, 1:00 PM
Updated: Mar 25, 2026, 1:00 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 2.5
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.