oss-sec mailing list archives
Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor
From: Andrey Konovalov <andreyknvl () gmail com>
Date: Wed, 6 Apr 2016 18:38:42 +0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
There's a flaw in the usbnet Linux kernel driver:usbnet_link_change will call schedule_work and should be avoided if bind is failing. Otherwise we will end up with scheduled work referring to a netdev which has gone away. Instead of making the call conditional, we can just defer it to usbnet_probe, using the driver_info flag made for this purpose.The bug allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have other impact by inserting a USB device with an invalid USB descriptor. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b https://www.spinics.net/lists/netdev/msg367669.html
Use CVE-2016-3951. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXA955AAoJEL54rhJi8gl5NY0QAJ3rDGZ9FqmcCB7Defx4MvY1 nCDzmvcCv2hZdrkoYcHmk0G7O+5D2er6ds4lmuCe5LlByR8gjN+9omHTvCoaYEHh kh4vfjireKsCrY/g9ZElSaUJITnHW2JL4/mv/EX4FjDWkTukAvN4r4Ld6q1827ZF OU56NJL7QlNOG4Z/dTsJNbSp61hOSIIjOx/gr8L7Cj7PY23649hn5OBufSa22RWH 7vJDe9Yu9zWFCFpce2QlF6xJAT1ojmQX43hlpYo/Olv9r8nw0oeHYXe67RV+GKDQ T/Btx+fM2cNaYwSczAnMDh/uNyn2zep0OcL0fOWHRgCZUQ0KWpBWgDA2aEIM4h+G 6qyDguMatCgVniYQQ1TiBSf8aNiluK0ZzonOd9gX4IWFsJIRMpTxbS0tmEij7p5U efeS50dUGC3huT7cEh8GbZBj8xVKmwM+st+bOGgrYZ6Z/1UqzUuE7M1zYheXTyOD F+KVqa3C8r548/yHiTajhF90H92XFYZLb5W/hn/Id/mqiGQvBBR4BE59yWGrEG86 LG//lJw53nbFIqXIQq1qevNqXOQsE0sQj/Wkv9k2/ez3GClKUxPFyWgJazDN8g8k /FR0Bdd/kqVjaJ4pr8eO/PP8SHq+I71Os0BuuhJE00hn9TMqkvWHV46DKoXnW5Ck LVHmzK4rafNRvycxIF2t =KiV2 -----END PGP SIGNATURE-----
Current thread:
- Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor Andrey Konovalov (Apr 06)