CVE-2024-57993: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57993 affects the Linux kernel's HID (Human Interface Device) Thrustmaster driver. The vulnerability was discovered by syzbot and involves a type mismatch between a USB pipe and the transfer endpoint in the hid-thrustmaster driver. This issue was disclosed in February 2025 and affects the Linux kernel's HID subsystem (NVD, Kernel Git).

The vulnerability exists in the thrustmaster_probe function of the hid-thrustmaster driver. The issue stems from a missing endpoint type check when handling USB transfers, which could lead to incorrect endpoint type usage. The fix involves implementing a check for endpoint type using usb_check_int_endpoints() function to verify that the expected endpoints are present and of the correct type (Kernel Git).

When triggered, the vulnerability can cause a type mismatch between the USB pipe and transfer endpoint, potentially leading to system instability or incorrect device operation. The issue affects systems using Thrustmaster USB devices with the Linux kernel (NVD).

A fix has been implemented and committed to the Linux kernel. The patch adds an endpoint check in the thrustmaster_probe function to verify endpoint types before proceeding with USB transfers. Users should update their Linux kernel to a version containing this fix (Kernel Git).