Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Feb 2016 22:38:48 -0500 (EST)
From: cve-assign@...re.org
To: alexandru.cornea@...el.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, costel.maxim@...el.com, stern@...land.harvard.edu
Subject: Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quickly plugging in and unplugging a USB hub can lead to a null
> pointer dereference in kernel (local denial of service) or the USB
> port to which the hub is connected becomes unusable, for kernel
> versions 2.6.32 < 4.4. The issue occurs when the USB hub gets
> disconnected before or while the routine for USB hub activation is
> running - hub_activate() function.
> 
> Bug reported on the kernel USB mailing list:
> http://www.spinics.net/lists/linux-usb/msg132311.html
> 
> Issue is fixed in kernel 4.4, by commit:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

>> This patch fixes the problem by taking a reference to the usb_hub at
>> the start of hub_activate() and releasing it at the end (when the work
>> is finished), and by locking the hub interface while the work routine
>> is running. It also adds a check at the start of the routine to see if
>> the hub has already been disconnected, in which nothing should be
>> done.

Use CVE-2015-8816.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWzSUDAAoJEL54rhJi8gl5mokQAJjfrH2LsZTYKCaO4JWi60x9
l+CQdmkmlwGwr+jc+ijq6IuXroeNCJ9qKoGx+0u6Rl6XjRU9pTnga1NhIuRuO4SB
8vUcoZa4upHCtPzgHDZ0xKjR890UlUzIzi5WCqbZsqR3DzU9KK62qAh54C5idoLw
JBs3Jm6sf+LSRMwJs9nlSsTE+OlbgqaPOmzUcEs1vuxROffYLeh8FL4On3iEbL7G
LPEO/yIkqOAltYAoBGlMHnFXcaeXr9UNRKTJ5KkxCV+rR68Nvu5/lQDdNB7xEdZn
iL1Zg81+uJj6A7xHq21SRj4HtOEgsqGvSp1yxRmi6M1LeTEt95HL7Y1vc0NWKOza
N4D9AeHneUz+/DwzBTBWFoSF3qrkcQU9BjN9VZes+DH4PFlSRERdT31gDmiEzmv3
ohh3dc0AT0P7WL2mR3fA2RvtbC0B4I6BgKjSGoQ4em25dk6CJkamIZnZvkXKVAiK
9TOWbOJcFX5YwBKhwMF8Sjrt8VXnyLXaP7k3R1QiLcvLZEnuIrp+9FTyoVghCdcx
UaYeC6XQ10Fsj7DP06YYpTjAyzyY9T6I1sWYgYWUz/I1G2hUUvalDdkNqDaP0qgw
15BnBjNFqywSDIf2ecsMviDbPfbauHrXWG72SgsvHTiCmlMu9PxPbDLvCGcsZbEA
RYaRhm3fjTEoCcb/0Qb7
=gSr5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.