oss-sec mailing list archives

CVE Request: Linux kernel USB hub invalid memory access in hub_activate()


From: "Cornea, Alexandru" <alexandru.cornea () intel com>
Date: Tue, 23 Feb 2016 13:41:06 +0000

Hello,

    Quickly plugging in and unplugging a USB hub can lead to a null pointer dereference in the kernel (local denial of service) or to the USB port to which the hub is connected becoming unusable, for kernel versions 2.6.32 < 4.4.
    The issue occurs when the USB hub gets disconnected before or while the routine for USB hub activation, the hub_activate() function, is running.

Bug reported on the kernel USB mailing list: http://www.spinics.net/lists/linux-usb/msg132311.html

Issue is fixed in kernel 4.4, by commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5

Could a CVE please be assigned to this issue? (it has not been previously requested anywhere else)

Thanks,
   Alex

---
Regards,

Alexandru Cornea
Security QA Engineer
Intel SSG OTC Romania

