Bug 1219832 (CVE-2024-25741) - VUL-0: CVE-2024-25741: kernel: possible denial of service in printer_write in drivers/usb/gadget/function/f_printer.c
Summary: VUL-0: CVE-2024-25741: kernel: possible denial of service in printer_write in...
Status: IN_PROGRESS
Alias: CVE-2024-25741
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/393677/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-25741:4.7:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-12 13:04 UTC by SMASH SMASH
Modified: 2024-07-04 13:14 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
brutal proposal (3.00 KB, patch)
2024-03-13 15:18 UTC, Oliver Neukum 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SMASH SMASH 2024-02-12 13:04:39 UTC 
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25741
https://www.cve.org/CVERecord?id=CVE-2024-25741
https://www.spinics.net/lists/linux-usb/msg252167.html
Comment 2 Oliver Neukum 2024-03-13 15:18:59 UTC 
Created attachment 873480 [details]
brutal proposal
Comment 3 Oliver Neukum 2024-03-19 10:05:44 UTC 
For the record:

Fix has been submitted to upstream, waiting for response
Comment 4 Andrea Mattiazzo 2024-03-28 09:49:25 UTC 
Thanks for the patch Oliver.

Tracking as affected:
 - ALP-current
 - SLE15-SP5
 - SLE15-SP6
 - SLE15-SP6-GA
 - stable

Affected but CVSS<7:
 - SLE15-SP3-LTSS
 - SLE15-SP4-LTSS
 - cve/linux-5.14-LTSS

CONFIG_USB_F_PRINTER is configured only on codestreams after SLE15-SP3