List:       oss-security
Subject:    Re: [oss-security] Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors i
From:       Vladis Dronov <vdronov () redhat ! com>
Date:       2016-02-28 19:21:07
Message-ID: 1586796749.30137780.1456687267516.JavaMail.zimbra () redhat ! com

Hello,

> > We don't really understand "An upstream patch" here.
Indeed, the correct commit is cac9b50b0d. I'm sorry for the error.

We will use CVE-2016-2782, thank you.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer


----- Original Message -----
From: cve-assign@mitre.org
To: vdronov@redhat.com
Cc: cve-assign@mitre.org, oss-security@lists.openwall.com
Sent: Sunday, February 28, 2016 7:41:39 PM
Subject: [oss-security] Re: CVE request -- linux kernel: visor: crash on invalid USB device \
descriptors in treo_attach() in visor driver

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A local kernel crash on invalid USB device requiring the visor driver was reported.
> The treo_attach() function of the [visor] driver, which is called during the driver
> initialization process, was dereferencing the bulk-in and interrupt-in urbs without
> first making sure they had been allocated by the core. Due to an incomplete sanity
> check, the visor driver tries to dereference null-pointers, which results in crash.
> 
> References:
> 
> Red Hat public Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1312670
> 
> An upstream patch: \
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c
> 

We don't really understand "An upstream patch" here. We think you mean
the patch is
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0
 instead. In any case, use CVE-2016-2782 for the reported treo_attach
vulnerability.


> this flaw is very similar to already existing
> CVE-2015-7566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7566).
> This is the same type of a flaw, which just exists in the different function
> treo_attach() (instead of clie_5_attach()), so probably we can use the same
> CVE-2015-7566 for this.

We're not going to change or expand the meaning of CVE-2015-7566
several weeks later.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
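
Added example, not part of the original thread and not kernel source: a user-space model of the flaw class described above, where an attach routine uses per-port bulk-in and interrupt-in URBs that the core may never have allocated. All type and function names are hypothetical, the form of the "incomplete" check is an assumption, and the device data is constructed.

```c
/* User-space model only: types and names are hypothetical, not kernel code. */
#include <errno.h>
#include <stddef.h>

#define MODEL_PORTS 2

struct model_urb { int pipe; };

struct model_port {
    struct model_urb *read_urb;         /* bulk-in; NULL if never allocated */
    struct model_urb *interrupt_in_urb; /* interrupt-in; NULL if never allocated */
};

struct model_serial {
    int num_bulk_in, num_interrupt_in;  /* endpoint counts from the descriptors */
    struct model_port port[MODEL_PORTS];
};

/* Constructed input: a core that allocates one URB per endpoint reported. */
static struct model_serial make_device(int n_bulk_in, int n_int_in)
{
    static struct model_urb bulk[MODEL_PORTS] = { {1}, {2} };
    static struct model_urb intr[MODEL_PORTS] = { {3}, {4} };
    struct model_serial s = { n_bulk_in, n_int_in, { { NULL, NULL }, { NULL, NULL } } };
    for (int i = 0; i < MODEL_PORTS; i++) {
        if (i < n_bulk_in) s.port[i].read_urb = &bulk[i];
        if (i < n_int_in)  s.port[i].interrupt_in_urb = &intr[i];
    }
    return s;
}

/* Assumed shape of an incomplete check: "some endpoint exists" is not enough. */
static int counts_nonzero(const struct model_serial *s)
{
    return s->num_bulk_in > 0 && s->num_interrupt_in > 0;
}

/* Hardened attach: verify every URB that is about to be dereferenced. */
static int attach_checked(const struct model_serial *s)
{
    int sum = 0;
    for (int i = 0; i < MODEL_PORTS; i++) {
        const struct model_port *p = &s->port[i];
        if (p->read_urb == NULL || p->interrupt_in_urb == NULL)
            return -ENODEV;             /* refuse to bind instead of crashing */
        sum += p->read_urb->pipe + p->interrupt_in_urb->pipe;
    }
    return sum;
}
```

A device reporting two bulk-in endpoints but only one interrupt-in endpoint passes `counts_nonzero()` yet is rejected by `attach_checked()`, which is the gap between a partial sanity check and validating each pointer before use.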

