oss-sec mailing list archives
Vulnerability in WhiteHEAT Linux Driver-CVE-2015-5257
From: Moein Ghasemzadeh <moein () istuary com>
Date: Tue, 22 Sep 2015 17:49:53 -0700
Hello,

We have discovered a vulnerability in a Linux kernel module and would like to inform you so that required actions could be taken.

Assigned CVE ID : CVE-2015-5257.

Below is the description of the vulnerability.

1. Software name and vendor name:

USB WhiteHEAT serial driver by ConnecTech in the Linux kernel v3.19.0-28, but likely to exist in all kernel versions.

2. Type of vulnerability or attack outcome:

The vulnerability triggers a kernel NULL pointer dereference. It causes the OS to freeze on many machines and requires a cold reboot, causing denial of service.

3. A description of the affected code (e.g. the function name, the vulnerable web page, link to the affected code, a bug entry, etc.):

The flaw exists in the "whiteheat_attach" function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel. (http://lxr.free-electrons.com/source/drivers/usb/serial/whiteheat.c?v=3.19)

In the driver, the “COMMAND_PORT” variable is hard coded and is set to “4” (5th element). So, the driver assumes that the number of ports always will be 5 and takes the port number 5 as the command port. But, using a specially made USB device in which the number of ports was set to a number less than 5 (e.g. 3) we were able to perform Denial of Service on the system due to a kernel NULL pointer dereference. The system froze and requires a reboot.

You may find more information regarding the bug from the logs attached to this email.

Please let us know if you have any questions or concerns.

Thanks,

--
*Moein Ghasemzadeh* | Security Researcher
Istuary Innovation Labs Inc.
800, 1125 Howe St., Vancouver V6Z 2K8, BC, Canada
Tel: 604.299.0388 ext 812 | Fax: 604.299.8003
www.istuary.com <http://www.istuary.com/>
Attachments: dmesg.txt, lspci.txt, lshw.txt, lscpu.txt, signature.asc (OpenPGP digital signature)
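The missing check the report describes, as an added example that is not part of the original post and not the kernel's own code: a user-space C model in which the attach step refuses a device whose port count does not cover the hard-coded COMMAND_PORT index. The struct and function names and MAX_PORTS are assumptions made for the illustration; only COMMAND_PORT = 4 comes from the report.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define COMMAND_PORT 4   /* hard-coded index from the report (5th port) */
#define MAX_PORTS    8   /* assumed capacity of this model's port table */

/* Hypothetical user-space stand-ins for the kernel's serial/port objects. */
struct model_port   { int opened; };
struct model_serial {
    unsigned int num_ports;               /* count taken from the device */
    struct model_port *port[MAX_PORTS];   /* slots past num_ports stay NULL */
};

static struct model_port backing[MAX_PORTS];

/* Build a serial object exposing n ports (clamped to the table size). */
void model_init(struct model_serial *s, unsigned int n)
{
    s->num_ports = n > MAX_PORTS ? MAX_PORTS : n;
    for (unsigned int i = 0; i < MAX_PORTS; i++)
        s->port[i] = (i < s->num_ports) ? &backing[i] : NULL;
}

/*
 * Attach step with the validation added: bind only if the device really
 * provides the port that COMMAND_PORT indexes.
 * Returns 0 on success, -ENODEV when the device has too few ports.
 */
int model_attach_checked(struct model_serial *s)
{
    if (s->num_ports <= COMMAND_PORT || s->port[COMMAND_PORT] == NULL)
        return -ENODEV;                /* reject instead of dereferencing NULL */
    s->port[COMMAND_PORT]->opened = 1; /* safe: the command port exists */
    return 0;
}

int main(void)
{
    struct model_serial s;
    unsigned int counts[] = { 3, 4, 5 };   /* constructed device port counts */
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        model_init(&s, counts[i]);
        printf("num_ports=%u -> %d\n", counts[i], model_attach_checked(&s));
    }
    return 0;
}
```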