Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-41097 | First vendor Publication | 2024-07-29 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 5.5 | ||
| Base Score | 5.5 | Environmental Score | 5.5 |
| impact SubScore | 3.6 | Temporal Score | 5.5 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | None | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type. Unfortunately, this patch has not been tested on real hardware. [1] Syzbot report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 ... Call Trace: |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41097 |
CPE : Common Platform Enumeration
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2025-01-08 03:03:50 |
|
| 2025-01-07 03:03:23 |
|
| 2024-12-25 03:02:00 |
|
| 2024-12-12 03:04:58 |
|
| 2024-11-25 09:23:24 |
|
| 2024-11-22 21:22:38 |
|
| 2024-11-21 21:22:10 |
|
| 2024-11-20 02:58:35 |
|
| 2024-11-14 02:58:54 |
|
| 2024-11-09 02:58:55 |
|
| 2024-10-26 02:56:19 |
|
| 2024-10-25 02:58:13 |
|
| 2024-10-23 02:57:26 |
|
| 2024-10-03 02:52:46 |
|
| 2024-10-02 02:51:10 |
|
| 2024-09-15 02:48:55 |
|
| 2024-09-12 02:48:28 |
|
| 2024-09-07 02:47:27 |
|
| 2024-09-06 02:46:37 |
|
| 2024-09-04 02:49:50 |
|
| 2024-08-22 17:27:42 |
|
| 2024-07-29 21:27:27 |
|
