CVE-2024-42244: USB Serial Resume Crash Fix in Linux Kernel (mos784)

A vulnerability has been identified and resolved in the Linux kernel, specifically in the USB serial driver (mos784). The issue could lead to system crashes when resuming from suspended states. This article will detail the vulnerability, provide a code snippet showcasing the problem and the fix, and link to original references.

Exploit Details

The issue was first introduced with commit c49cfa917025, when the USB serial core started using a generic method if no other alternative was provided in the USB serial layer. This method causes a crash on resume with the mos784 driver in certain situations, as support for multiple read URBs (USB Request Blocks) was added in 2011.

The problem occurs when both port read URBs are submitted on resume for open ports, but the context pointer of the second URB remains set to the core, instead of being set to the mos784 port structure. The crash occurs due to this incorrect pointer assignment.

Code Snippet (vulnerable)

(Note: This is a shortened illustration of the issue, full code can be found in the original references)

static int mos784_resume(struct usb_serial *serial)
{
    ...
}

The above-mentioned approach relies on the USB serial core's generic method, which submits the URBs and leads to the crash.

Code Snippet (fixed)

The vulnerability can be fixed by implementing dedicated suspend and resume functions for mos784, as demonstrated below:

static int mos784_suspend(struct usb_serial *serial, pm_message_t message)
{
    ...
}

static int mos784_resume(struct usb_serial *serial)
{
    ...
}

By creating dedicated functions for suspend and resume, the process can be controlled explicitly, and the crash can be avoided.

Original References

1. Full source code of the Linux kernel: https://github.com/torvalds/linux
2. Commit c49cfa917025: https://github.com/torvalds/linux/commit/c49cfa917025
3. USB Serial layer documentation: https://www.linux-usb.org/USB-guide/x194.html
4. USB Request Block (URB) explanation: http://www.linux-usb.org/usbguide/x291.html

Conclusion

The CVE-2024-42244 vulnerability in the mos784 USB serial driver has been fixed in the Linux kernel. This fix prevents potential crashes when resuming from suspended states. It is important to regularly update and patch your Linux kernel to ensure that your system remains secure and reliable.

Timeline

Published on: 08/07/2024 16:15:47 UTC
Last modified on: 08/08/2024 14:53:27 UTC