CVE-2024-40904

MEDIUM EPSS 21.0%
Published Jul 12, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 12, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] CPU#0 Utilization every 4s during lockup: #1: 98% system, 0% softirq, 3% hardirq, 0% idle #2: 98% system, 0% softirq, 3% hardirq, 0% idle #3: 98% system, 0% softirq, 3% hardirq, 0% idle #4: 98% system, 0% softirq, 3% hardirq, 0% idle #5: 98% system, 1% softirq, 3% hardirq, 0% idle Modules linked in: irq event stamp: 73096 hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. Therefore we replace them with dev_err_ratelimited().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
21.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥2.6.28  –  <4.19.317
linuxlinux_kernel*≥4.20  –  <5.4.279
linuxlinux_kernel*≥5.5  –  <5.10.221
linuxlinux_kernel*≥5.11  –  <5.15.162
linuxlinux_kernel*≥5.16  –  <6.1.95
linuxlinux_kernel*≥6.2  –  <6.6.35
linuxlinux_kernel*≥6.7  –  <6.9.6
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any
linuxlinux_kernel6.10any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c
    Patch