Date: Fri, 13 Nov 2015 06:18:50 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE request -- [media] usbvision: usbvision_probe() can trigger a
 kernel NULL pointer dereference

If possible, we would like to obtain a CVE-ID for the following security issue.

An out-of-bounds memory access flaw was found in the USBVision USB Camera Driver in
the usbvision_probe() function in drivers/media/usb/usbvision/usbvision-video.c.
The driver assumes that the interface numbers of the USB device are always in
0,1,2,3... order. By using a specially crafted USB device which advertises an
out-of-order number on one of its interfaces, an unprivileged user with physical
access can trigger a kernel NULL pointer dereference, causing the system to freeze.

Currently there is an effort to create an upstream patch for this driver fixing
this issue.


Vladis Dronov | Red Hat, Inc.
| Product Security Engineer |
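
The indexing assumption described in the message above, shown as a simplified user-space model. This is an added example, not part of the original post and not the driver's code: the struct names, the helper functions and the fixed-size slot array whose unused entries are NULL are all assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_INTERFACES 32  /* model assumption: fixed-size slot array, unused slots NULL */

struct model_interface { uint8_t number; };  /* number advertised by the device */

struct model_config {
    uint8_t count;                                 /* slots actually populated */
    struct model_interface *slot[MAX_INTERFACES];  /* filled in enumeration order */
};

/* Flawed pattern: use the advertised interface number as an array position. */
static struct model_interface *lookup_by_position(const struct model_config *cfg, uint8_t ifnum)
{
    if (ifnum >= MAX_INTERFACES)
        return NULL;          /* keeps the model itself in bounds */
    return cfg->slot[ifnum];  /* NULL when numbers are not 0,1,2,3... */
}

/* Hardened pattern: search the populated slots for the advertised number. */
static struct model_interface *lookup_by_number(const struct model_config *cfg, uint8_t ifnum)
{
    for (uint8_t i = 0; i < cfg->count && i < MAX_INTERFACES; i++)
        if (cfg->slot[i] && cfg->slot[i]->number == ifnum)
            return cfg->slot[i];
    return NULL;
}

/* Probe-style check: refuse the device instead of dereferencing a failed lookup. */
static int probe_checked(const struct model_config *cfg, uint8_t ifnum)
{
    return lookup_by_number(cfg, ifnum) ? 0 : -1;
}

/* Constructed sample: a single interface that advertises number 5 instead of 0. */
static struct model_interface sample_if = { .number = 5 };
static struct model_config sample_cfg = { .count = 1, .slot = { &sample_if } };

int main(void)
{
    printf("by position: %s\n", lookup_by_position(&sample_cfg, 5) ? "found" : "NULL");
    printf("by number:   %s\n", lookup_by_number(&sample_cfg, 5) ? "found" : "NULL");
    return 0;
}
```

A probe routine that takes the positional result and dereferences it without a NULL check is the failure the report describes; the search-based lookup plus an explicit failure return avoids it.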
