ghsa-3vxm-x76j-8hmh
Vulnerability from github
Published
2025-10-15 21:31
Modified
2025-10-15 21:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

can: mcba_usb: properly check endpoint type

Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning.

Found pipes are now saved to struct mcba_priv and code uses them directly instead of making pipes in place.

Fail log:

| usb 5-1: BOGUS urb xfer, pipe 3 != type 1 | WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 | Modules linked in: | CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0 | Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 | Workqueue: usb_hub_wq hub_event | RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 | ... | Call Trace: | | mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline] | mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858 | usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396 | call_driver_probe drivers/base/dd.c:517 [inline]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49151"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: properly check endpoint type\n\nSyzbot reported warning in usb_submit_urb() which is caused by wrong\nendpoint type. We should check that in endpoint is actually present to\nprevent this warning.\n\nFound pipes are now saved to struct mcba_priv and code uses them\ndirectly instead of making pipes in place.\n\nFail log:\n\n| usb 5-1: BOGUS urb xfer, pipe 3 != type 1\n| WARNING: CPU: 1 PID: 49 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| Modules linked in:\n| CPU: 1 PID: 49 Comm: kworker/1:2 Not tainted 5.17.0-rc6-syzkaller-00184-g38f80f42147f #0\n| Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\n| Workqueue: usb_hub_wq hub_event\n| RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n| ...\n| Call Trace:\n|  \u003cTASK\u003e\n|  mcba_usb_start drivers/net/can/usb/mcba_usb.c:662 [inline]\n|  mcba_usb_probe+0x8a3/0xc50 drivers/net/can/usb/mcba_usb.c:858\n|  usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n|  call_driver_probe drivers/base/dd.c:517 [inline]",
  "id": "GHSA-3vxm-x76j-8hmh",
  "modified": "2025-10-15T21:31:39Z",
  "published": "2025-10-15T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49151"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/136bed0bfd3bc9c95c88aafff2d22ecb3a919f23"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5598442edc29e8f6f2380e4b471dc1a3fcd80508"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/88272b4a37913bdf6f339162a7920bd8e9b49de2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b48d1bb3f1ca337ad653022aefb5a40a47dfe5cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbd110b8dd7ad763bf413f71c0484116ae9302d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef0acc514123140157b19a9ff2e2de5d91d612bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f2ec3cd0f34f8c3f94bc21fbba14868301c9c49d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa9c1f14002dc0d5293e16a2007bd89b6e79207b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.