5.5
MEDIUM
CVE-2024-40904
"USB CDC-ACM Driver Lockup Vulnerability"
Description

In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] CPU#0 Utilization every 4s during lockup: #1: 98% system, 0% softirq, 3% hardirq, 0% idle #2: 98% system, 0% softirq, 3% hardirq, 0% idle #3: 98% system, 0% softirq, 3% hardirq, 0% idle #4: 98% system, 0% softirq, 3% hardirq, 0% idle #5: 98% system, 1% softirq, 3% hardirq, 0% idle Modules linked in: irq event stamp: 73096 hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. Therefore we replace them with dev_err_ratelimited().

INFO

Published Date :

July 12, 2024, 1:15 p.m.

Last Modified :

Sept. 19, 2024, 1:17 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2024-40904 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-40904.

URL Resource
https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94 Patch
https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28 Patch
https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56 Patch
https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46 Patch
https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879 Patch
https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a Patch
https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c Patch
https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-40904 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-40904 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 19, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94 No Types Assigned https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94 Patch
    Changed Reference Type https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28 No Types Assigned https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28 Patch
    Changed Reference Type https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56 No Types Assigned https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56 Patch
    Changed Reference Type https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46 No Types Assigned https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46 Patch
    Changed Reference Type https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879 No Types Assigned https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879 Patch
    Changed Reference Type https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a No Types Assigned https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a Patch
    Changed Reference Type https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c No Types Assigned https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c Patch
    Changed Reference Type https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c No Types Assigned https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c Patch
    Added CWE NIST NVD-CWE-Other
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.28 up to (excluding) 4.19.317 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.279 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.221 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.162 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.95 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.35 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.9.6 *cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 12, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] CPU#0 Utilization every 4s during lockup: #1: 98% system, 0% softirq, 3% hardirq, 0% idle #2: 98% system, 0% softirq, 3% hardirq, 0% idle #3: 98% system, 0% softirq, 3% hardirq, 0% idle #4: 98% system, 0% softirq, 3% hardirq, 0% idle #5: 98% system, 1% softirq, 3% hardirq, 0% idle Modules linked in: irq event stamp: 73096 hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. Therefore we replace them with dev_err_ratelimited().
    Added Reference kernel.org https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-40904 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-40904 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: