Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Mar 2016 09:57:35 -0400 (EDT)
From: cve-assign@...re.org
To: vdronov@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A device pretending to be a device driven by the ims-pcu driver,
> but leaving out either of the two interfaces present on the genuine
> device will crash the driver and possibly the kernel. Thus, DoS
> with physical access is possible. Kernels since v3.10 are vulnerable.
> 
> https://bugzilla.novell.com/show_bug.cgi?id=971628
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff
> https://bugzilla.redhat.com/show_bug.cgi?id=1320060

>> drivers/input/misc/ims-pcu.c
>> ims_pcu_parse_cdc_data

Use CVE-2016-3689.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW+9rcAAoJEL54rhJi8gl5wvUQAJW92s9jIxSymkHknHHqylhW
tnaKUdv0F4Fm5bIsSe0/eeXR6o6YkdJ0RxzPsPfzej2Ih8lofv2siQcFMMl6t2ea
GzhKLnMpDFOXtq9sib9sDrObAWMNPdPYJaZEMt9v7Bv67AUNHNmjp2/WtwdMluJe
Hls5Sz81XAgqWPgIYI+Y2JbOzeHBQpdcv9E5hOtIM/il+/9LT1hlDly6wNW58OZa
LYyN2o7zHcBjN+1GjqKbwNETKjb/2JwRfxTZgEVt76FnMY+qIPOmMMTBCuPzQR6g
jeCE0jeuZ5O6RDs9hf4eHE+f4oQ7ZA+CsStykp0nQ6EU6Ganzr6TQAlgFhJVjUlc
jocWd+BpF6wUxdlbuy6IMHW7CLBHCgNqLiUVTZePgUEHr3iwxoBmPcvvgqzmihJ5
cbaYfI7jMSR57WMDw0G670+In5ttZxDPeijqOMdcMp5R6unMajr5+WwoCbvp/k6J
ij2EiKF3Ur1FPlSwg01qJE3Z/o67wMAO6G7mr8d/qLXtkDgrFe/XmKdRZWiZEm58
GANKGWu+LYK5f+vK638ls+cCrXVLKziCQdQo+88EIHNt/80wohbcYNX+5n9OPNok
SO9lrGknX4r979+2AyWYKqxhWToOK09TL6ZiiBUxodULusBAGwyTj2epAzAylUwC
dthSTfy0M0szo3ktzMvd
=ILXh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.