oss-sec mailing list archives
CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver)
From: Vladis Dronov <vdronov () redhat com>
Date: Wed, 30 Mar 2016 08:52:57 -0400 (EDT)
Hello, If possible, we would like to obtain a CVE-ID for the following securuty flaw. A device pretending to be a device driven by the ims-pcu driver, but leaving out either of the two interfaces present on the genuine device will crash the driver and possibly the kernel. Thus, DoS with physical access is possible. Kernels since v3.10 are vulnerable. Initial reference with a proposed fix: https://bugzilla.novell.com/show_bug.cgi?id=971628 An upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff Red Hat security Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1320060 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Current thread:
- CVE request -- linux kernel: crash on invalid USB device descriptors (ims-pcu driver) Vladis Dronov (Mar 30)