oss-sec mailing list archives
Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver
From: cve-assign () mitre org
Date: Sun, 28 Feb 2016 13:41:39 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A local kernel crash on invalid USB device requiring the visor driver was reported. The treo_attach() function of the [visor] driver, which is called during the driver initialization process, was dereferencing the bulk-in and interrupt-in urbs without first making sure they had been allocated by the core. Due to an incomplete sanity check, the visor driver tries to dereference null-pointers, which results in crash. References: Red Hat public Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1312670 An upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c
We don't really understand "An upstream patch" here. We think you mean the patch is http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 instead. In any case, use CVE-2016-2782 for the reported treo_attach vulnerability.
this flaw is very similar to already existing CVE-2015-7566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7566). This is the same type of a flaw, which just exists in the different function treo_attach() (instead of clie_5_attach()), so probably we can use the same CVE-2015-7566 for this.
We're not going to change or expand the meaning of CVE-2015-7566 several weeks later. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW0z65AAoJEL54rhJi8gl56wkP/Aoe0dtizrz4nd4CopPTiDOD g+x7UmKmjqlAIlJ6nKwGLmv7by9yvOjZnKnaxQOU/EG+wSL3GpSnVojsrNVZSQGu V5iacBA2GW0a4kd8g7bBnK4ViXuoeJII31LfEYVIrAUXXL9h+fOZSjjy4/L+kk1m VFSCVIa2jbzHvJr+iNIs0oWFmXQjcuzyFzsOOjbgAvtBFEOL4JW+LAW7qMp8mXTR +DpMkaG1JqjzO+Qcj931kNN0MAc5SZBs5+vB0kcI7+g5bKpN01qITvME2szk1iZg GRrVyYKzfc16KcjWjbWJNr6i8TuyE/8UvYOmr9c9DNZjM2yAObBpYehrVApTmAmj yp/pc+QAFUDGMvalgAwtlEie/c+0cihTGN/BkftFd5/RW8JM6Tm3xcl2/ktK6OGC X5L6Mm+q73oVK+YEj3ky5kHYkEsjSrTfN+RrdqE/8r7gNoDhjbaiI4fbq41iFWru 33XexHwVjtVBJboJ5nKQHBpfUdksQ7gY+6rI9rah4Njt2K2EWwzY+Ibw79d+9i8M yJ2grJC/rOzNIDAyU0nyiSWibxEq2HvqmWyfc6CxBgfbXgcTbHxcgWHvTjVuBUfb VcDYFPggg/sxehevY34lcbQCJG/GGWihdNuJ2dY/4jOBqLgjlsGNES/lTd6GXjFF 9IbRRVCzbBb3fap+Ol1N =6+yK -----END PGP SIGNATURE-----
Current thread:
- CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver Vladis Dronov (Feb 28)
- Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver cve-assign (Feb 28)