Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Feb 2016 22:38:48 -0500 (EST)
From: cve-assign@...re.org
To: alexandru.cornea@...el.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, costel.maxim@...el.com, stern@...land.harvard.edu
Subject: Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Quickly plugging in and unplugging a USB hub can lead to a null
> pointer dereference in kernel (local denial of service) or the USB
> port to which the hub is connected becomes unusable, for kernel
> versions 2.6.32 < 4.4. The issue occurs when the USB hub gets
> disconnected before or while the routine for USB hub activation is
> running - hub_activate() function.
> 
> Bug reported on the kernel USB mailing list:
> http://www.spinics.net/lists/linux-usb/msg132311.html
> 
> Issue is fixed in kernel 4.4, by commit:
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea

>> This patch fixes the problem by taking a reference to the usb_hub at
>> the start of hub_activate() and releasing it at the end (when the work
>> is finished), and by locking the hub interface while the work routine
>> is running. It also adds a check at the start of the routine to see if
>> the hub has already been disconnected, in which nothing should be
>> done.

Use CVE-2015-8816.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWzSUDAAoJEL54rhJi8gl5mokQAJjfrH2LsZTYKCaO4JWi60x9
l+CQdmkmlwGwr+jc+ijq6IuXroeNCJ9qKoGx+0u6Rl6XjRU9pTnga1NhIuRuO4SB
8vUcoZa4upHCtPzgHDZ0xKjR890UlUzIzi5WCqbZsqR3DzU9KK62qAh54C5idoLw
JBs3Jm6sf+LSRMwJs9nlSsTE+OlbgqaPOmzUcEs1vuxROffYLeh8FL4On3iEbL7G
LPEO/yIkqOAltYAoBGlMHnFXcaeXr9UNRKTJ5KkxCV+rR68Nvu5/lQDdNB7xEdZn
iL1Zg81+uJj6A7xHq21SRj4HtOEgsqGvSp1yxRmi6M1LeTEt95HL7Y1vc0NWKOza
N4D9AeHneUz+/DwzBTBWFoSF3qrkcQU9BjN9VZes+DH4PFlSRERdT31gDmiEzmv3
ohh3dc0AT0P7WL2mR3fA2RvtbC0B4I6BgKjSGoQ4em25dk6CJkamIZnZvkXKVAiK
9TOWbOJcFX5YwBKhwMF8Sjrt8VXnyLXaP7k3R1QiLcvLZEnuIrp+9FTyoVghCdcx
UaYeC6XQ10Fsj7DP06YYpTjAyzyY9T6I1sWYgYWUz/I1G2hUUvalDdkNqDaP0qgw
15BnBjNFqywSDIf2ecsMviDbPfbauHrXWG72SgsvHTiCmlMu9PxPbDLvCGcsZbEA
RYaRhm3fjTEoCcb/0Qb7
=gSr5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ