oss-sec mailing list archives
Re: CVE Request/Guidance: Linux kernel cdc-wdm buffer overflow triggered by device
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 14 Mar 2013 17:19:24 +0100
Hi Marcus,

On Thu, Mar 14, 2013 at 02:43:41PM +0100, Marcus Meissner wrote:
> I am wondering ... do we consider attacks with special attack tailored USB
> devices as CVE worthy? There is only some precedence in the CVE DB, but not
> much.
>
> I stumbled over this fix from one of my colleagues where a specifically made
> USB device reporting the "cdc-wdm" USB class could cause a kernel heap
> overflow.
>
> "Malicious attached devices" might fall into several categories:
>
> 1. Attaching the device causes the issue directly within the kernel /
>    autoloaded module, without user interaction. (here the case)
>
> 2. Attaching the device causes the issue when userspace, dependent on e.g.
>    desktop system, does initiate a separate action (like an automount and
>    then exploitation of something) (so not direct a kernel, but a kernel +
>    GNOME/KDE interaction).
>
> 3. User needs to do something with the attached device (like click on a
>    file on a USB disk)
>
> I would consider (1) and (2) CVE worthy at least, not so sure with (3).

FWIW, I think all of the three options are CVE worthy. As Eugene said, some
filesystem bugs fall into (3) and they have been issued CVE identifiers.

--
Petr Matousek / Red Hat Security Response Team