CVE-2024-56687: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56687 is a vulnerability in the Linux kernel's USB MUSB driver that was discovered and resolved in December 2024. The issue affects the USB endpoint request handling in the MUSB driver, specifically during the first Rx endpoint request. The vulnerability impacts Linux kernel versions from 5.18 up to (excluding) 6.1.120, from 6.2 up to (excluding) 6.6.64, from 6.7 up to (excluding) 6.11.11, and from 6.12 up to (excluding) 6.12.2 (NVD).

The vulnerability stems from a hardware lockup condition that occurs when a request's callback is invoked from usb_ep_queue(). The issue manifests in a specific sequence where the gadget is initialized using musb_gadget_enable(), and a packet arrives setting the RXPKTRDY flag and raising an interrupt. If IRQs are enabled during this process, the interrupt is handled but finds an empty queue, leading to a potential hardware lockup. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a hardware lockup condition where the endpoint remains locked up, preventing the interface from receiving any further packets from the USB host. This occurs because while the interrupt triggered by hardware setting the RXPKTRDY flag has been handled, the flag itself remains set, effectively causing a denial of service condition (Kernel Patch).

The issue has been resolved in the Linux kernel through a patch that modifies the musb_ep_restart() function to flush the Rx FIFO instead of calling rxstate(). This solution ensures that the hardware can receive packets when there is at least one request in the queue, though it may cause one or two packets to be dropped if double buffering is enabled. The fix has been backported to affected stable kernel versions (Kernel Patch).