CVE-2024-50268

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

The "*cmd" variable can be controlled by the user via debugfs. That means
"new_cam" can be as high as 255 while the size of the uc->updated[] array
is UCSI_MAX_ALTMODES (30).

The call tree is:
ucsi_cmd() // val comes from simple_attr_write_xsigned()
-> ucsi_send_command()
-> ucsi_send_command_common()
-> ucsi_run_command() // calls ucsi->ops->sync_control()
-> ucsi_ccg_sync_control()

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-10-21 CVE Reserved
2024-11-19 CVE Published
2024-11-19 CVE Updated
2024-11-19 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/d76923164705821aa1b01b8d9d1741f20c654ab4	2024-11-17
https://git.kernel.org/stable/c/8f47984b35f3be0cfc652c2ca358d5768ea3456b	2024-11-14
https://git.kernel.org/stable/c/604314ecd682913925980dc955caea2d036eab5f	2024-11-14
https://git.kernel.org/stable/c/69e19774f15e12dda6c6c58001d059e30895009b	2024-11-14
https://git.kernel.org/stable/c/3a2ba841659a0f15102585120dea75d8d5209616	2024-11-14
https://git.kernel.org/stable/c/7dd08a0b4193087976db6b3ee7807de7e8316f96	2024-11-05

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.10.230 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.10.230"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 5.15.172 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 5.15.172"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.1.117 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.117"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.6.61 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.6.61"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.11.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.11.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.12"		en		Affected