CVE-2024-41035
- Source
- https://cve.org/CVERecord?id=CVE-2024-41035
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41035.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-41035
- Downstream
- Related
- Published
- 2024-07-29T14:31:49.876Z
- Modified
- 2026-03-13T07:57:16.096129Z
- Summary
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpointisduplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even though they have the same direction and endpoint number. This can lead to confusion, including the bug identified by syzbot (two descriptors with matching endpoint numbers and directions, where one was interrupt and the other was bulk).
To fix the bug, we will clear the reserved bits in bEndpointAddress when we parse the descriptor. (Note that both the USB-2.0 and USB-3.1 specs say these bits are "Reserved, reset to zero".) This requires us to make a copy of the descriptor earlier in usbparseendpoint() and use the copy instead of the original when checking for duplicates.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41035.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2bd8534a1b83c65702aec3cab164170f8e584188
- https://git.kernel.org/stable/c/37514a5c1251a8c5c95c323f55050736e7069ac7
- https://git.kernel.org/stable/c/60abea505b726b38232a0ef410d2bd1994a77f78
- https://git.kernel.org/stable/c/647d61aef106dbed9c70447bcddbd4968e67ca64
- https://git.kernel.org/stable/c/9edcf317620d7c6a8354911b69b874cf89716646
- https://git.kernel.org/stable/c/a368ecde8a5055b627749b09c6218ef793043e47
- https://git.kernel.org/stable/c/d09dd21bb5215d583ca9a1cb1464dbc77a7e88cf
- https://git.kernel.org/stable/c/d8418fd083d1b90a6c007cf8dcf81aeae274727b
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41035.json
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-41035
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0a8fd1346254974c3a852338508e4a4cddbb35f1Fixedd8418fd083d1b90a6c007cf8dcf81aeae274727bFixed60abea505b726b38232a0ef410d2bd1994a77f78Fixedd09dd21bb5215d583ca9a1cb1464dbc77a7e88cfFixed2bd8534a1b83c65702aec3cab164170f8e584188Fixed9edcf317620d7c6a8354911b69b874cf89716646Fixed647d61aef106dbed9c70447bcddbd4968e67ca64Fixed37514a5c1251a8c5c95c323f55050736e7069ac7Fixeda368ecde8a5055b627749b09c6218ef793043e47
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc3726b442527ab31c7110d0445411f5b5343db01Last affected15668b4354b38b41b316571deed2763d631b2977Last affected8597a9245181656ae2ef341906e5f40af323fbcaLast affected264024a2676ba7d91fe7b1713b2c32d1b0b508cbLast affectedb0de742a1be16b76b534d088682f18cf57f012d2Last affected7cc00abef071a8a7d0f4457b7afa2f57f683d83fLast affected05b0f2fc3c2f9efda47439557e0d51faca7e43ed