oss-sec mailing list archives
Re: CVE request: kernel information leak via userspace USB interface
From: Eugene Teo <eugene () redhat com>
Date: Thu, 18 Feb 2010 09:09:15 +0800
Hi Marcus, On 02/17/2010 06:29 PM, Marcus Meissner wrote:
While programming a USB device using libusb I found that a usb read from the device returned data it should not.
[...]
Access to USB userspace devices either requires root access or desktop user access via udev/hal ACLs on non-mass-storage Digital Cameras or Media Players. (So the desktop user needs to plugin such a ACL getting device before being able to read the memory).
To abuse this, you will need physical access to plug in a USB device, so I do not think this should be regarded as a security issue.
Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE request: kernel information leak via userspace USB interface Marcus Meissner (Feb 17)
- Re: CVE request: kernel information leak via userspace USB interface Eugene Teo (Feb 17)
- Re: CVE request: kernel information leak via userspace USB interface Marcus Meissner (Feb 18)
- Re: CVE request: kernel information leak via userspace USB interface Steven M. Christey (Feb 18)
- Re: CVE request: kernel information leak via userspace USB interface Eugene Teo (Feb 18)
- Re: CVE request: kernel information leak via userspace USB interface Marcus Meissner (Feb 18)
- Re: CVE request: kernel information leak via userspace USB interface Bernhard R. Link (Feb 18)
- Re: CVE request: kernel information leak via userspace USB interface Eugene Teo (Feb 17)