Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Feb 2016 12:24:58 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE request -- linux kernel: visor: crash on invalid USB device
 descriptors in treo_attach() in visor driver


If possible, we would like to obtain a CVE-ID for the following issue.

Let me please, note, that this flaw is very similar to already existing
CVE-2015-7566 (
This is the same type of a flaw, which just exists in the different function
treo_attach() (instead of clie_5_attach()), so probably we can use the same
CVE-2015-7566 for this.


A local kernel crash on invalid USB device requiring the visor driver was reported.
The treo_attach() function of the [visor] driver, which is called during the driver
initialization process, was dereferencing the bulk-in and interrupt-in urbs without
first making sure they had been allocated by the core. Due to an incomplete sanity
check, the visor driver tries to dereference null-pointers, which results in crash. 


Red Hat public Bugzilla:

An upstream patch:

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ