CVE-2024-27001 — Improper Input Validation in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 1
Latest updateSep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix incomplete endpoint checking
While vmk80xx does have endpoint checking implemented, some things
can fall through the cracks. Depending on the hardware model,
URBs can have either bulk or interrupt type, and current version
of vmk80xx_find_usb_endpoints() function does not take that fully
into account. While this warning does not seem to be too harmful,
at the very least it will crash systems with 'panic_on…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux49253d542cc0f5f771dc254d248162a2a666649d — 3a63ae0348d990e137cca04eced5b08379969ea9+8
Also affects: Debian Linux 10.0, Fedora 38, 39, 40
Patches
🔴Vulnerability Details
3OSV▶
CVE-2024-27001: In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint↗2024-05-01
GHSA▶
GHSA-rv5x-862j-q6f6: In the Linux kernel, the following vulnerability has been resolved:
comedi: vmk80xx: fix incomplete endpoint checking
While vmk80xx does have endpoi↗2024-05-01