CVE-2024-25741: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-25741 affects the Linux kernel through version 6.7.4, specifically in the printer_write function within drivers/usb/gadget/function/f_printer.c. The vulnerability was discovered by Chenyuan Yang and was publicly disclosed on February 11, 2024. The issue affects the USB Gadget subsystem in the Linux kernel, where the printer_write function does not properly call usb_ep_queue (NVD, Ubuntu).

The vulnerability stems from an incorrect use of the USB Gadget API, where the printer_write function fails to properly check for the device to be enabled before writing. This triggers a WARNING condition in usb_ep_queue at drivers/usb/gadget/udc/core.c:295. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could allow local attackers to cause a denial of service condition in the affected system. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (Ubuntu).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has fixed the issue in various kernel versions including 6.8.0-48.48 for Ubuntu 24.04 LTS and 5.15.0-121.131 for Ubuntu 22.04 LTS. Users are advised to update their systems to the patched versions (Ubuntu).