Linux Kernel Kaweth Driver USB Endpoint Validation Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's kaweth USB driver, which fails to properly validate the number and types of USB endpoints on devices it probes. Because the driver then accesses those endpoints blindly, a malicious device that presents an unexpected endpoint configuration can crash the driver.
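The kind of check the description says is missing, as an added user-space illustration (not the kernel's code and not the upstream fix): before using any endpoint, a probe routine confirms that each endpoint it depends on is present with the expected direction and transfer type. The required layout (bulk IN 1, bulk OUT 2, interrupt IN 3), the reduced `ep_desc` struct and the `endpoints_ok` helper are assumptions made for this example, and the descriptor sets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* USB endpoint descriptor bit values (names as in Linux <linux/usb/ch9.h>). */
#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_NUMBER_MASK   0x0f
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_BULK     2
#define USB_ENDPOINT_XFER_INT      3

/* Reduced endpoint descriptor: only the two fields the check reads. */
struct ep_desc { uint8_t bEndpointAddress, bmAttributes; };

/* ASSUMED layout for illustration: endpoints the driver will later use. */
static const struct ep_desc required[] = {
    { 1 | USB_DIR_IN, USB_ENDPOINT_XFER_BULK }, /* bulk IN  */
    { 2,              USB_ENDPOINT_XFER_BULK }, /* bulk OUT */
    { 3 | USB_DIR_IN, USB_ENDPOINT_XFER_INT  }, /* interrupt IN */
};

/* Return 1 only if every required endpoint matches; 0 means do not bind. */
static int endpoints_ok(const struct ep_desc *eps, size_t n)
{
    for (size_t r = 0; r < sizeof(required) / sizeof(required[0]); r++) {
        int found = 0;
        for (size_t i = 0; i < n && !found; i++) {
            /* Ignore reserved bits; compare number + direction, then type. */
            uint8_t addr = eps[i].bEndpointAddress &
                           (USB_DIR_IN | USB_ENDPOINT_NUMBER_MASK);
            uint8_t type = eps[i].bmAttributes & USB_ENDPOINT_XFERTYPE_MASK;
            found = addr == required[r].bEndpointAddress &&
                    type == required[r].bmAttributes;
        }
        if (!found) return 0;
    }
    return 1;
}

/* Constructed sample descriptor sets (not captured from a real device). */
static const struct ep_desc good[]     = { {0x81, 2}, {0x02, 2}, {0x83, 3} };
static const struct ep_desc too_few[]  = { {0x81, 2}, {0x02, 2} };
static const struct ep_desc bad_type[] = { {0x81, 2}, {0x02, 2}, {0x83, 2} };
static const struct ep_desc bad_dir[]  = { {0x01, 2}, {0x02, 2}, {0x83, 3} };

int main(void)
{
    printf("%d %d %d %d\n", endpoints_ok(good, 3), endpoints_ok(too_few, 2),
           endpoints_ok(bad_type, 3), endpoints_ok(bad_dir, 3));
    return 0;
}
```

Only the first set passes; a missing endpoint, a wrong transfer type or a wrong direction each cause the check to reject the device before any endpoint is touched.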

Impact

The vulnerability can cause a denial-of-service condition by crashing the driver when it accesses unverified USB endpoints.

Reproduction

The vulnerability can be reproduced by connecting a malicious USB device to a system running an affected version of the Linux kernel. The device should be configured to present an incorrect number or type of USB endpoints. When the kaweth driver attempts to probe the device, it will fail to validate the endpoints properly, leading to a crash when the driver accesses the unverified endpoints.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Mar 25, 2026, 12:55 PM
Updated: Mar 25, 2026, 12:55 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.