{"api_version":"1","generated_at":"2026-07-02T06:46:32+00:00","cve":"CVE-2024-38567","urls":{"html":"https://cve.report/CVE-2024-38567","api":"https://cve.report/api/cve/CVE-2024-38567.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-38567","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567"},"summary":{"title":"wifi: carl9170: add a proper sanity check for endpoints","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n <TASK>\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n\n[2] Related syzkaller crashes:","state":"PUBLISHED","assigner":"Linux","published_at":"2024-06-19 14:15:16","updated_at":"2026-05-12 12:16:53"},"problem_types":["NVD-CWE-noinfo"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd","name":"https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0","name":"https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd","name":"https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7","name":"https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f","name":"https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582","name":"https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c","name":"https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d","name":"https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645","name":"https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-38567","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38567","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c eb0f2fc3ff5806cc572cd9055ce7c52a01e97645 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c ac3ed46a8741d464bc70ebdf7433c1d786cf329d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 8650725bb0a48b206d5a8ddad3a7488f9a5985b7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 6a9892bf24c906b4d6b587f8759ca38bff672582 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 265c3cda471c26e0f25d0c755da94e1eb15d7a0c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 03ddc74bdfd71b84a55c9f2185d8787f258422cd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c 0fa08a55201ab9be72bacb8ea93cf752d338184f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected a84fab3cbfdc427e7d366f1cc844f27b2084c26c b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.37","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.37 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.19.316 4.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.278 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.219 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.161 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.93 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.33 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.8.12 6.8.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.9.3 6.9.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.10 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"38567","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T17:21:31.173Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2024-38567","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-09-10T17:14:28.409371Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-09-11T17:34:56.503Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:54:42.103Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/wireless/ath/carl9170/usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"eb0f2fc3ff5806cc572cd9055ce7c52a01e97645","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"ac3ed46a8741d464bc70ebdf7433c1d786cf329d","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"8650725bb0a48b206d5a8ddad3a7488f9a5985b7","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"6a9892bf24c906b4d6b587f8759ca38bff672582","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"265c3cda471c26e0f25d0c755da94e1eb15d7a0c","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"03ddc74bdfd71b84a55c9f2185d8787f258422cd","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"0fa08a55201ab9be72bacb8ea93cf752d338184f","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"},{"lessThan":"b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0","status":"affected","version":"a84fab3cbfdc427e7d366f1cc844f27b2084c26c","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/wireless/ath/carl9170/usb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.37"},{"lessThan":"2.6.37","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"4.19.*","status":"unaffected","version":"4.19.316","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.278","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.219","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.161","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.93","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.33","versionType":"semver"},{"lessThanOrEqual":"6.8.*","status":"unaffected","version":"6.8.12","versionType":"semver"},{"lessThanOrEqual":"6.9.*","status":"unaffected","version":"6.9.3","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.10","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.19.316","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.278","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.219","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.161","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.93","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.33","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.8.12","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.3","versionStartIncluding":"2.6.37","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.10","versionStartIncluding":"2.6.37","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n <TASK>\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n\n[2] Related syzkaller crashes:"}],"providerMetadata":{"dateUpdated":"2026-05-11T20:19:12.615Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645"},{"url":"https://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d"},{"url":"https://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7"},{"url":"https://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582"},{"url":"https://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c"},{"url":"https://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd"},{"url":"https://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd"},{"url":"https://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f"},{"url":"https://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0"}],"title":"wifi: carl9170: add a proper sanity check for endpoints","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-38567","datePublished":"2024-06-19T13:35:34.254Z","dateReserved":"2024-06-18T19:36:34.923Z","dateUpdated":"2026-05-12T11:54:42.103Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-06-19 14:15:16","lastModifiedDate":"2026-05-12 12:16:53","problem_types":["NVD-CWE-noinfo"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"4.19.316","matchCriteriaId":"8DF8C76F-25E4-4924-8D2F-6B6025656C84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.278","matchCriteriaId":"7FDBF235-DA18-49A1-8690-6C7272FD0701"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.219","matchCriteriaId":"E9063AF3-D593-43B7-810D-58B87F82F9F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.161","matchCriteriaId":"31130639-53FE-4726-8986-434EE2528CB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.93","matchCriteriaId":"EEFB78EE-F990-4197-BF1C-156760A55667"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.33","matchCriteriaId":"FCE796DF-3B50-4DC6-BAE5-95271068FC9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.8.12","matchCriteriaId":"80550309-67AB-4FD1-AC07-3DED5C4F01B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.9.3","matchCriteriaId":"E07124C1-19E8-4D21-828D-9932A01D3011"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"38567","Ordinal":"1","Title":"wifi: carl9170: add a proper sanity check for endpoints","CVE":"CVE-2024-38567","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"38567","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: carl9170: add a proper sanity check for endpoints\n\nSyzkaller reports [1] hitting a warning which is caused by presence\nof a wrong endpoint type at the URB sumbitting stage. While there\nwas a check for a specific 4th endpoint, since it can switch types\nbetween bulk and interrupt, other endpoints are trusted implicitly.\nSimilar warning is triggered in a couple of other syzbot issues [2].\n\nFix the issue by doing a comprehensive check of all endpoints\ntaking into account difference between high- and full-speed\nconfiguration.\n\n[1] Syzkaller report:\n...\nWARNING: CPU: 0 PID: 4721 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\n...\nCall Trace:\n <TASK>\n carl9170_usb_send_rx_irq_urb+0x273/0x340 drivers/net/wireless/ath/carl9170/usb.c:504\n carl9170_usb_init_device drivers/net/wireless/ath/carl9170/usb.c:939 [inline]\n carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]\n carl9170_usb_firmware_step2+0x175/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028\n request_firmware_work_func+0x130/0x240 drivers/base/firmware_loader/main.c:1107\n process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289\n worker_thread+0x669/0x1090 kernel/workqueue.c:2436\n kthread+0x2e8/0x3a0 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308\n </TASK>\n\n[2] Related syzkaller crashes:","Type":"Description","Title":"wifi: carl9170: add a proper sanity check for endpoints"}]}}}