Linux Kernel Kalmia Driver USB Endpoint Validation Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's Kalmia USB driver, which fails to properly validate the number and types of USB endpoints on a device before establishing a connection. As a result, the driver can crash when it accesses endpoints that do not exist or do not match what it expects, particularly if a malicious device is involved.
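A userspace model of the probe-time endpoint check that this class of bug calls for, as an added example that is not the kernel's code or the actual fix. The required endpoint addresses and the sample descriptor sets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values from the USB specification (bEndpointAddress / bmAttributes). */
#define EP_DIR_IN        0x80u
#define EP_XFERTYPE_MASK 0x03u
#define EP_XFER_BULK     0x02u

/* Minimal model of one endpoint descriptor as reported by a device. */
struct ep_desc {
    uint8_t bEndpointAddress;   /* endpoint number | direction bit */
    uint8_t bmAttributes;       /* low two bits: transfer type */
};

/* Hypothetical endpoints a driver hard-codes for its transfers (assumed). */
static const uint8_t required_bulk_eps[] = { 0x01 | EP_DIR_IN, 0x02 };

/* Return 1 only if `addr` is present in the descriptor list AND is bulk. */
static int has_bulk_ep(const struct ep_desc *eps, size_t n, uint8_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (eps[i].bEndpointAddress == addr)
            return (eps[i].bmAttributes & EP_XFERTYPE_MASK) == EP_XFER_BULK;
    return 0;   /* endpoint missing entirely */
}

/* Probe-time gate: 0 = safe to bind, -1 = refuse the device. */
static int validate_endpoints(const struct ep_desc *eps, size_t n)
{
    for (size_t i = 0; i < sizeof(required_bulk_eps); i++)
        if (!has_bulk_ep(eps, n, required_bulk_eps[i]))
            return -1;
    return 0;
}

/* Constructed sample descriptor sets (not captured from real hardware). */
static const struct ep_desc good_dev[]    = { {0x81, 0x02}, {0x02, 0x02} };
static const struct ep_desc wrong_type[]  = { {0x81, 0x03}, {0x02, 0x02} };
static const struct ep_desc missing_out[] = { {0x81, 0x02} };

int main(void)
{
    printf("good=%d wrong_type=%d missing=%d\n",
           validate_endpoints(good_dev, 2),
           validate_endpoints(wrong_type, 2),
           validate_endpoints(missing_out, 1));
    return 0;
}
```

A driver that runs a gate like this in its probe path rejects the device before any transfer is queued on an endpoint that is absent or of the wrong type.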

Impact

Exploitation of this vulnerability causes a denial of service by crashing the Kalmia driver when it accesses USB endpoints that have not been properly validated.

Reproduction

The vulnerability can be reproduced by connecting a malicious USB device that does not present the expected endpoints to a system running the affected Linux kernel version. The Kalmia driver will attempt to access the missing or incorrect endpoints, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: Mar 25, 2026, 11:58 AM
Updated: Mar 25, 2026, 11:58 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.