Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Feb 2016 13:41:06 +0000
From: "Cornea, Alexandru" <>
To: "" <>
CC: "Maxim, Costel" <>, Alan Stern
Subject: CVE Request: Linux kernel USB hub invalid memory access in


    Quickly plugging in and unplugging a USB hub can lead to a null pointer dereference in kernel (local denial of service) or the USB port to which the hub is connected becomes unusable, for kernel versions 2.6.32 < 4.4.
    The issue occurs when the USB hub gets disconnected before or while the routine for USB hub activation is running - hub_activate() function.

Bug reported on the kernel USB mailing list:

Issue is fixed in kernel 4.4, by commit:

Could a CVE please be assigned to this issue? (it has not been previously requested anywhere else)



Alexandru Cornea
Security QA Engineer
Intel SSG OTC Romania

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ