Date: Fri, 13 Nov 2015 06:18:50 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Hello, If possible, we would like to obtain a CVE-ID for the following security issue. An out-of-bounds memory access flaw was found in USBVision USB Camera Driver in usbvision_probe() function in drivers/media/usb/usbvision/usbvision-video.c. The driver assumes that the interfaces numbers of the USB device are always in 0,1,2,3... order. By using a specially crafted USB device which advertises out-of-order number on one of its interfaces an unprivileged user with a physical access can trigger a kernel NULL pointer dereference causing the system to freeze. Currently there is an effort to create an upstream patch for this driver fixing this issue. References: http://seclists.org/bugtraq/2015/Oct/35 http://bugzilla.redhat.com/show_bug.cgi?id=1201858 http://bugzilla.redhat.com/show_bug.cgi?id=1270158 Vladis Dronov | Red Hat, Inc. | Product Security Engineer |
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ