Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability exists in the Linux kernel's F81604 USB driver in how the read bulk callback handles USB Request Blocks (URBs). A URB that uses the anchor pattern must be anchored before it is submitted, to prevent it from being leaked if 'usb_kill_anchored_urbs()' is called. The read bulk callback does not anchor the URB before submitting it, a step that is handled properly in other parts of the driver. The vulnerability could lead to unintended behavior or resource management issues by allowing URBs to be prematurely terminated without proper anchoring.
The vulnerability could cause URBs to be leaked if 'usb_kill_anchored_urbs()' is called, potentially leading to resource management issues or unintended behavior in the driver.
The vulnerability can be reproduced by using a Fintek F81604 USB device with a Linux kernel version that includes the affected driver. When the device is used, the read bulk callback will fail to anchor the URB properly before submission, allowing it to be leaked if 'usb_kill_anchored_urbs()' is called.
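The leak described above, as an added user-space C model that is not the driver's or the kernel's code. The model_* names, NUM_URBS and leaked_after_teardown() are constructed for illustration, and the model assumes a completed URB is no longer on the anchor by the time its callback resubmits it.

```c
#include <stdbool.h>
#include <stddef.h>

#define NUM_URBS 4 /* constructed value, not the driver's URB count */

/* anchored == true models the URB being on the driver's anchor list. */
struct model_urb { bool in_flight; bool anchored; };

/* Submit a URB; anchor_first models anchoring it before submission. */
static void model_submit_urb(struct model_urb *u, bool anchor_first)
{
    if (anchor_first)
        u->anchored = true;
    u->in_flight = true;
}

/* Teardown can only cancel URBs that are currently anchored. */
static void model_kill_anchored_urbs(struct model_urb *urbs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (urbs[i].anchored)
            urbs[i].anchored = urbs[i].in_flight = false;
}

/* A completed URB has left the anchor; the callback then resubmits it.
 * fixed == false models resubmitting without anchoring first. */
static void model_read_bulk_callback(struct model_urb *u, bool fixed)
{
    u->anchored = false;
    model_submit_urb(u, fixed);
}

/* Returns how many URBs are still in flight after teardown. */
size_t leaked_after_teardown(bool fixed)
{
    struct model_urb urbs[NUM_URBS] = {{false, false}};
    size_t leaked = 0;

    for (size_t i = 0; i < NUM_URBS; i++)
        model_submit_urb(&urbs[i], true);          /* initial, anchored submit */
    for (size_t i = 0; i < NUM_URBS; i++)
        model_read_bulk_callback(&urbs[i], fixed); /* one completion each */
    model_kill_anchored_urbs(urbs, NUM_URBS);
    for (size_t i = 0; i < NUM_URBS; i++)
        leaked += urbs[i].in_flight;
    return leaked;
}
```

With fixed set to false every resubmitted URB survives teardown; with fixed set to true none does.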
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.