Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 2 Jun 2016 11:10:13 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: bad USB host adapter implementation can corrupt
 memory/brick machine


reported here:

issue is that the Frescologic device id 1009 host controller apparently
has a broken XHCI STREAMS implementation which would lead to memory corruptions

Redhat might have already assigned a CVE.

I am not sure if this is controllable for code execution, but at least USB devices can be used
to brick a machine with the kernel running (local denial of service)?

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.