Bug#332587: linux-2.6: [CAN-2005-3055] Oops while completing async USB via usbdevio

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#332587: linux-2.6: [CAN-2005-3055] Oops while completing async USB via usbdevio
From: Horms <horms@debian.org>
Date: Fri, 07 Oct 2005 17:12:45 +0900
Message-id: <[🔎] E1ENnLR-0007iE-00@tabatha.lab.ultramonkey.org>
Reply-to: Horms <horms@debian.org>, 332587@bugs.debian.org

Package: linux-2.6
Severity: normal
Tags: upstream security


>From CAN-2005-3055:

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
of service (kernel OOPS) via a userspace process that issues a USB
Request Block (URB) to a USB device and terminates before the URB is
finished, which leads to a stale pointer reference.

References: 
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
  [2] http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
  [3] http://lkml.org/lkml/2005/9/30/218

I believe that the 2.6.12 and 2.6.13 kernels have this problem.
2.6.8 and 2.4.27 do not seem to have it as the driver is missing.

Upstream do not seem to have a solution (See [3] above) yet, 
but I expect it will show up in 2.6-stable when they do.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686-smp
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP) (ignored: LC_ALL set to ja_JP.eucJP)

Reply to:

Prev by Date: Bug#332583: pagebuf_get: failed to lookup pages
Next by Date: Bug#330287: linux-2.6: CAN-2005-3055 Oops while completing async USB via usbdevio
Previous by thread: Bug#332583: pagebuf_get: failed to lookup pages
Next by thread: Bug#330287: linux-2.6: CAN-2005-3055 Oops while completing async USB via usbdevio
Index(es):
- Date
- Thread