oss-sec mailing list archives

Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode


From: Greg KH <greg () kroah com>
Date: Mon, 6 May 2013 08:48:07 -0700

On Mon, May 06, 2013 at 05:40:24PM +0200, Marcus Meissner wrote:
On Sun, May 05, 2013 at 12:37:44AM -0600, Kurt Seifried wrote:
On 05/03/2013 05:22 AM, P J P wrote:
Hello,

Linux kernel built with the ChipIdea Highspeed Dual Role
Controller (CONFIG_USB_CHIPIDEA) along with the ChipIdea host
controller (CONFIG_USB_CHIPIDEA_HOST) modules is vulnerable to a
kernel crash. It occurs while streaming content over network via
USB/Ethernet adapter.

A user/program could use this flaw to crash the kernel resulting in
DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/929473ea05db455ad88cdc081f2adc556b8dc48f

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=959210

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Please use CVE-2013-2058 for this issue.

JFYI, the respective code was added in Linux 3.5 as far as I see.

And given the hardware involved, I really doubt any desktop/server
distro ever enabled the driver.  Or if they did, I doubt they had any
users with this hardware present; it's an embedded USB controller core,
so maybe a few Android systems might have it present.

thanks,

greg k-h

