Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Nov 2015 06:43:19 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request -- [media] usbvision: usbvision_probe() can trigger
 a kernel NULL pointer dereference

Greatest apologies, this issue already has CVE-2015-7833 assigned.
Please, disregard previous request.

Vladis Dronov | Red Hat, Inc.
| Product Security Engineer |

----- Original Message -----
From: "Vladis Dronov" <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Sent: Friday, November 13, 2015 12:18:50 PM
Subject: CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference

Hello,
If possible, we would like to obtain a CVE-ID for the following security issue.

An out-of-bounds memory access flaw was found in USBVision USB Camera Driver in
usbvision_probe() function in drivers/media/usb/usbvision/usbvision-video.c.
The driver assumes that the interfaces numbers of the USB device are always in
0,1,2,3... order. By using a specially crafted USB device which advertises
out-of-order number on one of its interfaces an unprivileged user with a physical
access can trigger a kernel NULL pointer dereference causing the system to freeze.

Currently there is an effort to create an upstream patch for this driver fixing
this issue.

References:
http://seclists.org/bugtraq/2015/Oct/35
http://bugzilla.redhat.com/show_bug.cgi?id=1201858
http://bugzilla.redhat.com/show_bug.cgi?id=1270158

Vladis Dronov | Red Hat, Inc.
| Product Security Engineer |

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ