Описание
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
A flaw was found in the f_printer driver in the Linux kernel. Due to an incorrect use of the USB Gadget API, the printer_write function in the drivers/usb/gadget/function/f_printer.c file can trigger a WARN_ON_ONCE in the usb_ep_queue function in the drivers/usb/gadget/udc/core.c file, resulting in a denial of service.
Отчет
The kernel as shipped by Red Hat Enterprise Linux 8 is not affected by this vulnerability because the f_printer and the USB Gadget driver/API is not enabled. In Red Hat Enterprise Linux 9, the f_printer driver is not enable as well, but the USB Gadget driver/API, where the WARN_ON_ONCE is triggered, is available in the aarch64 architecture.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux ...
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
Уязвимость функции printer_write компонента drivers/usb/gadget/function/f_printer.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3