Date: Sun, 28 Feb 2016 14:21:07 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Hello, >> We don't really understand "An upstream patch" here. Indeed, the correct commit is cac9b50b0d. I'm sorry for the error. We will use CVE-2016-2782, thank you. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: cve-assign@...re.org To: vdronov@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Sent: Sunday, February 28, 2016 7:41:39 PM Subject: [oss-security] Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > A local kernel crash on invalid USB device requiring the visor driver was reported. > The treo_attach() function of the [visor] driver, which is called during the driver > initialization process, was dereferencing the bulk-in and interrupt-in urbs without > first making sure they had been allocated by the core. Due to an incomplete sanity > check, the visor driver tries to dereference null-pointers, which results in crash. > > References: > > Red Hat public Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1312670 > > An upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c We don't really understand "An upstream patch" here. We think you mean the patch is http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 instead. In any case, use CVE-2016-2782 for the reported treo_attach vulnerability. > this flaw is very similar to already existing > CVE-2015-7566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7566). > This is the same type of a flaw, which just exists in the different function > treo_attach() (instead of clie_5_attach()), so probably we can use the same > CVE-2015-7566 for this. We're not going to change or expand the meaning of CVE-2015-7566 several weeks later. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW0z65AAoJEL54rhJi8gl56wkP/Aoe0dtizrz4nd4CopPTiDOD g+x7UmKmjqlAIlJ6nKwGLmv7by9yvOjZnKnaxQOU/EG+wSL3GpSnVojsrNVZSQGu V5iacBA2GW0a4kd8g7bBnK4ViXuoeJII31LfEYVIrAUXXL9h+fOZSjjy4/L+kk1m VFSCVIa2jbzHvJr+iNIs0oWFmXQjcuzyFzsOOjbgAvtBFEOL4JW+LAW7qMp8mXTR +DpMkaG1JqjzO+Qcj931kNN0MAc5SZBs5+vB0kcI7+g5bKpN01qITvME2szk1iZg GRrVyYKzfc16KcjWjbWJNr6i8TuyE/8UvYOmr9c9DNZjM2yAObBpYehrVApTmAmj yp/pc+QAFUDGMvalgAwtlEie/c+0cihTGN/BkftFd5/RW8JM6Tm3xcl2/ktK6OGC X5L6Mm+q73oVK+YEj3ky5kHYkEsjSrTfN+RrdqE/8r7gNoDhjbaiI4fbq41iFWru 33XexHwVjtVBJboJ5nKQHBpfUdksQ7gY+6rI9rah4Njt2K2EWwzY+Ibw79d+9i8M yJ2grJC/rOzNIDAyU0nyiSWibxEq2HvqmWyfc6CxBgfbXgcTbHxcgWHvTjVuBUfb VcDYFPggg/sxehevY34lcbQCJG/GGWihdNuJ2dY/4jOBqLgjlsGNES/lTd6GXjFF 9IbRRVCzbBb3fap+Ol1N =6+yK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ