Bug#332587: linux-2.6: [CAN-2005-3055] Oops while completing async USB via usbdevio
Tags: upstream security
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
of service (kernel OOPS) via a userspace process that issues a USB
Request Block (URB) to a USB device and terminates before the URB is
finished, which leads to a stale pointer reference.
I believe that the 2.6.12 and 2.6.13 kernels have this problem.
2.6.8 and 2.4.27 do not seem to have it as the driver is missing.
Upstream do not seem to have a solution (See  above) yet,
but I expect it will show up in 2.6-stable when they do.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686-smp
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP) (ignored: LC_ALL set to ja_JP.eucJP)