Bug#332587: linux-2.6: [CAN-2005-3055] Oops while completing async USB via usbdevio

Package: linux-2.6
Severity: normal
Tags: upstream security

From CAN-2005-3055:

Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial
of service (kernel OOPS) via a userspace process that issues a USB
Request Block (URB) to a USB device and terminates before the URB is
finished, which leads to a stale pointer reference.

  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3055
  [2] http://marc.theaimsgroup.com/?l=linux-kernel&m=112766129313883
  [3] http://lkml.org/lkml/2005/9/30/218

I believe that the 2.6.12 and 2.6.13 kernels have this problem.
2.6.8 and 2.4.27 do not seem to have it as the driver is missing.

Upstream do not seem to have a solution (see [3] above) yet,
but I expect it will show up in 2.6-stable when they do.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686-smp
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP (charmap=EUC-JP) (ignored: LC_ALL set to ja_JP.eucJP)
