Описание
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services.
Reject such service connection responses.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services.
Reject such service connection responses.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-53185
- https://git.kernel.org/stable/c/061b0cb9327b80d7a0f63a33e7c3e2a91a71f142
- https://git.kernel.org/stable/c/09740fa9827cfbaf23ecd041e602a426f99be888
- https://git.kernel.org/stable/c/1044187e7249073f719ebbf9e5ffb4f16f99e555
- https://git.kernel.org/stable/c/4dc3560561a08842b4a4c07ccc5a90e5067dbb5b
- https://git.kernel.org/stable/c/6a444dffb75238c47d2d852f12cf53f12ad2cba8
- https://git.kernel.org/stable/c/95b4b940f0fb2873dcedad81699e869eb7581c85
- https://git.kernel.org/stable/c/9e3031eea2d45918dc44cbfc6a6029e82882916f
- https://git.kernel.org/stable/c/be2a546c30fe8d72efa032bee612363bb75314bd
- https://git.kernel.org/stable/c/db8df00cd6d801b3abdb145201c2bdd1c665f585
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be modified to be used for any other services. Reject such service connection responses. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
In the Linux kernel, the following vulnerability has been resolved: w ...
