In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub() to dereference a NULL or inappropriate pointer: Oops: general protection fault, probably for non-canonical address 0xcccccccccccccccc: 0000 [#1] SMP DEBUGPAGEALLOC PTI CPU: 7 UID: 0 PID: 117 Comm: kworker/7:1 Not tainted 6.13.0-rc3-00017-gf44d154d6e3d #14 Hardware name: FreeBSD BHYVE/BHYVE, BIOS 14.0 10/17/2021 Workqueue: usbhubwq hubevent RIP: 0010:usbhubadjustdeviceremovable+0x78/0x110 ... Call Trace: <TASK> ? dieaddr+0x31/0x80 ? excgeneralprotection+0x1b4/0x3c0 ? asmexcgeneralprotection+0x26/0x30 ? usbhubadjustdeviceremovable+0x78/0x110 hubprobe+0x7c7/0xab0 usbprobeinterface+0x14b/0x350 reallyprobe+0xd0/0x2d0 ? pfxdeviceattachdriver+0x10/0x10 _driverprobedevice+0x6e/0x110 driverprobedevice+0x1a/0x90 _deviceattachdriver+0x7e/0xc0 busforeachdrv+0x7f/0xd0 _deviceattach+0xaa/0x1a0 busprobedevice+0x8b/0xa0 deviceadd+0x62e/0x810 usbsetconfiguration+0x65d/0x990 usbgenericdriverprobe+0x4b/0x70 usbprobedevice+0x36/0xd0 The cause of this error is that the device has two interfaces, and the hub driver binds to interface 1 instead of interface 0, which is where usbhubtostructhub() looks. We can prevent the problem from occurring by refusing to accept hub devices that violate the USB spec by having more than one configuration or interface.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-7.7", "binary_name": "linux-bpf-dev" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-buildinfo-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-buildinfo-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-cloud-tools-common" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-doc" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-headers-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-64k-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-image-unsigned-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-lib-rust-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-libc-dev" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-extra-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-usbio-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-modules-vision-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-source-6.14.0" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-6.14.0-7-generic-64k" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-common" }, { "binary_version": "6.14.0-7.7", "binary_name": "linux-tools-host" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-cloud-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-headers-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-aws-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-buildinfo-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-cloud-tools-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-headers-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-unsigned-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-unsigned-6.14.0-1003-aws-dbgsym" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-extra-6.14.0-1003-aws" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-tools-6.14.0-1003-aws" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-cloud-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-azure-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-cloud-tools-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-azure-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-azure" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-azure" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-gcp-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-gcp-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-64k-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-gcp-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-gcp-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-gcp" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-gcp-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-buildinfo-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-headers-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-64k-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-image-unsigned-6.14.0-1002-oracle-dbgsym" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-modules-extra-6.14.0-1002-oracle-64k" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-oracle-headers-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-oracle-tools-6.14.0-1002" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-oracle" }, { "binary_version": "6.14.0-1002.2", "binary_name": "linux-tools-6.14.0-1002-oracle-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1003.3", "binary_name": "linux-buildinfo-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-headers-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-image-6.14.0-1003-raspi-dbgsym" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-modules-6.14.0-1003-raspi" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-raspi-headers-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-raspi-tools-6.14.0-1003" }, { "binary_version": "6.14.0-1003.3", "binary_name": "linux-tools-6.14.0-1003-raspi" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-1001.1", "binary_name": "linux-buildinfo-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-cloud-tools-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-headers-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-image-unsigned-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-image-unsigned-6.14.0-1001-realtime-dbgsym" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-extra-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-modules-iwlwifi-6.14.0-1001-realtime" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-cloud-tools-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-headers-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-realtime-tools-6.14.0-1001" }, { "binary_version": "6.14.0-1001.1", "binary_name": "linux-tools-6.14.0-1001-realtime" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-buildinfo-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-headers-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-image-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-image-6.14.0-7-generic-dbgsym" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-modules-6.14.0-7-generic" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-riscv-headers-6.14.0-7" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-riscv-tools-6.14.0-7" }, { "binary_version": "6.14.0-7.7.1", "binary_name": "linux-tools-6.14.0-7-generic" } ] }