製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux の Linux Kernel 等複数ベンダの製品における脆弱性

Title	Linux の Linux Kernel 等複数ベンダの製品における脆弱性
Summary	Linux の Linux Kernel 等複数ベンダの製品には、不特定の脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 11, 2024, midnight
Registration Date	Dec. 25, 2025, 2:39 p.m.
Last Update	Dec. 25, 2025, 2:39 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected System

Debian

Debian GNU/Linux 10.0

Fedora Project

Fedora 38

Fedora 39

Fedora 40

Linux

Linux Kernel 3.9 以上 4.19.313 未満

Linux Kernel 4.20 以上 5.4.275 未満

Linux Kernel 5.11 以上 5.15.157 未満

Linux Kernel 5.16 以上 6.1.88 未満

Linux Kernel 5.5 以上 5.10.216 未満

Linux Kernel 6.2 以上 6.6.29 未満

Linux Kernel 6.7 以上 6.8.8 未満

Linux Kernel 6.9

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-27001	https://www.cve.org/CVERecord?id=CVE-2024-27001
National Vulnerability Database (NVD)
2	CVE-2024-27001	https://nvd.nist.gov/vuln/detail/CVE-2024-27001

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 3840-1] linux security update	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
2	[SECURITY] [DLA 3842-1] linux-5.10 security update	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Fedora Update Notification
3	FEDORA-2024-010fe8772a	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
4	FEDORA-2024-bc0db39a14	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
5	FEDORA-2024-f35f9525d6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
Kernel.org git repositories
6	comedi: vmk80xx: fix incomplete endpoint checking (3a63ae0)	https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
7	comedi: vmk80xx: fix incomplete endpoint checking (59f33af)	https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
8	comedi: vmk80xx: fix incomplete endpoint checking (6ec3514)	https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
9	comedi: vmk80xx: fix incomplete endpoint checking (a3b8ae7)	https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
10	comedi: vmk80xx: fix incomplete endpoint checking (ac882d6)	https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
11	comedi: vmk80xx: fix incomplete endpoint checking (b0b268e)	https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
12	comedi: vmk80xx: fix incomplete endpoint checking (d171853)	https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
13	comedi: vmk80xx: fix incomplete endpoint checking (f15370e)	https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
Linux Kernel
14	Linux Kernel Archives	https://www.kernel.org

Change Log

No	Changed Details	Date of change
1	[2025年12月25日] 掲載	Dec. 25, 2025, 10:45 a.m.

NVD Vulnerability Information

CVE-2024-27001

Summary	In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or interrupt type, and current version of vmk80xx_find_usb_endpoints() function does not take that fully into account. While this warning does not seem to be too harmful, at the very least it will crash systems with 'panic_on_warn' set on them. Fix the issue found by Syzkaller [1] by somewhat simplifying the endpoint checking process with usb_find_common_endpoints() and ensuring that only expected endpoint types are present. This patch has not been tested on real hardware. [1] Syzkaller report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline] vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399 ... Similar issue also found by Syzkaller:
Publication Date	May 1, 2024, 3:15 p.m.
Registration Date	May 1, 2024, 8 p.m.
Last Update	Nov. 21, 2024, 6:03 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
2	https://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
3	https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
4	https://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
5	https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
6	https://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
7	https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
8	https://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
9	https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
10	https://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
11	https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
12	https://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
13	https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
14	https://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
15	https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
16	https://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
17	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
18	https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Common Vulnerabilities List