We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-21916

usb: atm: cxacru: fix a flaw in existing endpoint checks



Description

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 ...

Reserved 2024-12-29 | Published 2025-04-01 | Updated 2025-05-04 | Assigner Linux

Product status

Default status
unaffected

23926d316d2836315cb113569f91393266eb5b47 before dcd592ab9dd8a2bfc36e75583b9006db2a77ec24
affected

75ddbf776dd04a09fb9e5267ead5d0c989f84506 before 319529e0356bd904528c64647725a2272d297c83
affected

1aac4be1aaa5177506219f01dce5e29194e5e95a before bf4409f84023b52b5e9b36c0a071a121eee42138
affected

5584c776a1af7807ca815ee6265f2c1429fc5727 before 197e78076c5ecd895f109158c4ea2954b9919af6
affected

f536f09eb45e4de8d1b9accee9d992aa1846f1d4 before a0475a885d69849b1ade38add6d64338dfa83a8f
affected

2eabb655a968b862bc0c31629a09f0fbf3c80d51 before cfc295f7cccf66cbd5123416bcf1bee2e1bd37de
affected

2eabb655a968b862bc0c31629a09f0fbf3c80d51 before 903b80c21458bb1e34c3a78c5fdc553821e357f8
affected

2eabb655a968b862bc0c31629a09f0fbf3c80d51 before c90aad369899a607cfbc002bebeafd51e31900cd
affected

5159a81924311c1ec786ad9fdef784ead8676a6a
affected

ac9007520e392541a29daebaae8b9109007bc781
affected

Default status
affected

6.10
affected

Any version before 6.10
unaffected

5.4.291
unaffected

5.10.235
unaffected

5.15.179
unaffected

6.1.131
unaffected

6.6.83
unaffected

6.12.19
unaffected

6.13.7
unaffected

6.14
unaffected

References

git.kernel.org/...c/dcd592ab9dd8a2bfc36e75583b9006db2a77ec24

git.kernel.org/...c/319529e0356bd904528c64647725a2272d297c83

git.kernel.org/...c/bf4409f84023b52b5e9b36c0a071a121eee42138

git.kernel.org/...c/197e78076c5ecd895f109158c4ea2954b9919af6

git.kernel.org/...c/a0475a885d69849b1ade38add6d64338dfa83a8f

git.kernel.org/...c/cfc295f7cccf66cbd5123416bcf1bee2e1bd37de

git.kernel.org/...c/903b80c21458bb1e34c3a78c5fdc553821e357f8

git.kernel.org/...c/c90aad369899a607cfbc002bebeafd51e31900cd

cve.org (CVE-2025-21916)

nvd.nist.gov (CVE-2025-21916)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-21916

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.