Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the USB Yurex driver of the Linux kernel. The 'bbu' member of the descriptor is not properly initialized before the driver submits the URB (USB Request Block) whose completion handler updates 'bbu'. This leaves a timing window in which the probing process can inadvertently overwrite data that has already been retrieved. The vulnerability affects the stable versions of the Linux kernel.
Exploitation of this vulnerability can lead to data corruption, as the probing process may overwrite previously acquired data due to the uninitialized 'bbu' member.
The vulnerability can be reproduced by loading the USB Yurex driver without the 'bbu' member being initialized. Once the driver is loaded, the URB can be submitted, creating a race condition where the probing process overwrites existing data.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.
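The ordering problem described above, modeled in user-space C as an added example (this is not the kernel driver's code). The names `model_dev`, `model_submit_urb`, `probe_racy` and `probe_ordered` are hypothetical, the sentinel value -1 is an assumption, and the completion handler is invoked synchronously to represent the worst-case interleaving deterministically.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sentinel meaning "no value retrieved from the device yet". */
#define BBU_UNSET ((int64_t)-1)

/* Hypothetical stand-in for the driver's per-device state. */
struct model_dev {
    int64_t bbu;   /* last value reported by the device */
};

/* Completion handler: records the value the device returned. */
static void model_complete(struct model_dev *dev, int64_t reported)
{
    dev->bbu = reported;
}

/* Models URB submission where the completion fires before the caller
 * executes its next statement (the worst case of the race window). */
static void model_submit_urb(struct model_dev *dev, int64_t reported)
{
    model_complete(dev, reported);
}

/* Racy order: submit first, set the sentinel afterwards.
 * The late assignment overwrites the value already retrieved. */
int64_t probe_racy(int64_t reported)
{
    struct model_dev dev = {0};
    model_submit_urb(&dev, reported);
    dev.bbu = BBU_UNSET;
    return dev.bbu;
}

/* Corrected order: set the sentinel, then submit.
 * Nothing in probe writes bbu once the completion can run. */
int64_t probe_ordered(int64_t reported)
{
    struct model_dev dev = {0};
    dev.bbu = BBU_UNSET;
    model_submit_urb(&dev, reported);
    return dev.bbu;
}

int main(void)
{
    printf("racy probe:    bbu = %lld\n", (long long)probe_racy(1234));
    printf("ordered probe: bbu = %lld\n", (long long)probe_ordered(1234));
    return 0;
}
```
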