CVE-2024-57993

low-risk

Published 2025-02-27

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver[1]. There is a number of similar, already fixed issues [2]. In this case as in others, implementing check for endpoint type fixes the issue. [1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470 [2] https://syzkaller.appspot.com/bug?extid=348331f63b034f89b622

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/220883fba32549a34f0734e4859d07f4dcd56992

Patch https://git.kernel.org/stable/c/50420d7c79c37a3efe4010ff9b1bb14bc61ebccf

Patch https://git.kernel.org/stable/c/816e84602900f7f951458d743fa12769635ebfd5

Patch https://git.kernel.org/stable/c/ae730deded66150204c494282969bfa98dc3ae67

Patch https://git.kernel.org/stable/c/e5bcae4212a6a4b4204f46a1b8bcba08909d2007

https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal