Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 6 Apr 2016 18:38:42 +0300
From: Andrey Konovalov <andreyknvl@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Fwd: CVE Request: Linux: usbnet: memory corruption triggered by
 invalid USB descriptor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There's a flaw in the usbnet Linux kernel driver:
>
>> usbnet_link_change will call schedule_work and should be
>> avoided if bind is failing. Otherwise we will end up with
>> scheduled work referring to a netdev which has gone away.
>>
>> Instead of making the call conditional, we can just defer
>> it to usbnet_probe, using the driver_info flag made for
>> this purpose.
>
> The bug allows physically proximate attackers to cause a denial of
> service (NULL pointer dereference and system crash) or possibly have
> other impact by inserting a USB device with an invalid USB descriptor.
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b
> https://www.spinics.net/lists/netdev/msg367669.html

Use CVE-2016-3951.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXA955AAoJEL54rhJi8gl5NY0QAJ3rDGZ9FqmcCB7Defx4MvY1
nCDzmvcCv2hZdrkoYcHmk0G7O+5D2er6ds4lmuCe5LlByR8gjN+9omHTvCoaYEHh
kh4vfjireKsCrY/g9ZElSaUJITnHW2JL4/mv/EX4FjDWkTukAvN4r4Ld6q1827ZF
OU56NJL7QlNOG4Z/dTsJNbSp61hOSIIjOx/gr8L7Cj7PY23649hn5OBufSa22RWH
7vJDe9Yu9zWFCFpce2QlF6xJAT1ojmQX43hlpYo/Olv9r8nw0oeHYXe67RV+GKDQ
T/Btx+fM2cNaYwSczAnMDh/uNyn2zep0OcL0fOWHRgCZUQ0KWpBWgDA2aEIM4h+G
6qyDguMatCgVniYQQ1TiBSf8aNiluK0ZzonOd9gX4IWFsJIRMpTxbS0tmEij7p5U
efeS50dUGC3huT7cEh8GbZBj8xVKmwM+st+bOGgrYZ6Z/1UqzUuE7M1zYheXTyOD
F+KVqa3C8r548/yHiTajhF90H92XFYZLb5W/hn/Id/mqiGQvBBR4BE59yWGrEG86
LG//lJw53nbFIqXIQq1qevNqXOQsE0sQj/Wkv9k2/ez3GClKUxPFyWgJazDN8g8k
/FR0Bdd/kqVjaJ4pr8eO/PP8SHq+I71Os0BuuhJE00hn9TMqkvWHV46DKoXnW5Ck
LVHmzK4rafNRvycxIF2t
=KiV2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ