|
Message-Id: <20160224033848.CA26C72E028@smtpvbsrv1.mitre.org> Date: Tue, 23 Feb 2016 22:38:48 -0500 (EST) From: cve-assign@...re.org To: alexandru.cornea@...el.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, costel.maxim@...el.com, stern@...land.harvard.edu Subject: Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate() -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Quickly plugging in and unplugging a USB hub can lead to a null > pointer dereference in kernel (local denial of service) or the USB > port to which the hub is connected becomes unusable, for kernel > versions 2.6.32 < 4.4. The issue occurs when the USB hub gets > disconnected before or while the routine for USB hub activation is > running - hub_activate() function. > > Bug reported on the kernel USB mailing list: > http://www.spinics.net/lists/linux-usb/msg132311.html > > Issue is fixed in kernel 4.4, by commit: > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea >> This patch fixes the problem by taking a reference to the usb_hub at >> the start of hub_activate() and releasing it at the end (when the work >> is finished), and by locking the hub interface while the work routine >> is running. It also adds a check at the start of the routine to see if >> the hub has already been disconnected, in which nothing should be >> done. Use CVE-2015-8816. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWzSUDAAoJEL54rhJi8gl5mokQAJjfrH2LsZTYKCaO4JWi60x9 l+CQdmkmlwGwr+jc+ijq6IuXroeNCJ9qKoGx+0u6Rl6XjRU9pTnga1NhIuRuO4SB 8vUcoZa4upHCtPzgHDZ0xKjR890UlUzIzi5WCqbZsqR3DzU9KK62qAh54C5idoLw JBs3Jm6sf+LSRMwJs9nlSsTE+OlbgqaPOmzUcEs1vuxROffYLeh8FL4On3iEbL7G LPEO/yIkqOAltYAoBGlMHnFXcaeXr9UNRKTJ5KkxCV+rR68Nvu5/lQDdNB7xEdZn iL1Zg81+uJj6A7xHq21SRj4HtOEgsqGvSp1yxRmi6M1LeTEt95HL7Y1vc0NWKOza N4D9AeHneUz+/DwzBTBWFoSF3qrkcQU9BjN9VZes+DH4PFlSRERdT31gDmiEzmv3 ohh3dc0AT0P7WL2mR3fA2RvtbC0B4I6BgKjSGoQ4em25dk6CJkamIZnZvkXKVAiK 9TOWbOJcFX5YwBKhwMF8Sjrt8VXnyLXaP7k3R1QiLcvLZEnuIrp+9FTyoVghCdcx UaYeC6XQ10Fsj7DP06YYpTjAyzyY9T6I1sWYgYWUz/I1G2hUUvalDdkNqDaP0qgw 15BnBjNFqywSDIf2ecsMviDbPfbauHrXWG72SgsvHTiCmlMu9PxPbDLvCGcsZbEA RYaRhm3fjTEoCcb/0Qb7 =gSr5 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.