Date: Thu, 2 Jun 2016 11:10:13 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Hi, reported here: https://marc.info/?l=linux-usb&m=146480770532266&w=2 issue is that the Frescologic device id 1009 host controller apparently has a broken XHCI STREAMS implementation which would lead to memory corruptions Redhat might have already assigned a CVE. I am not sure if this is controllable for code execution, but at least USB devices can be used to brick a machine with the kernel running (local denial of service)? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.