Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20160228184139.BC0FC3320B7@smtpvbsrv1.mitre.org>
Date: Sun, 28 Feb 2016 13:41:39 -0500 (EST)
From: cve-assign@...re.org
To: vdronov@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A local kernel crash on invalid USB device requiring the visor driver was reported.
> The treo_attach() function of the [visor] driver, which is called during the driver
> initialization process, was dereferencing the bulk-in and interrupt-in urbs without
> first making sure they had been allocated by the core. Due to an incomplete sanity
> check, the visor driver tries to dereference null-pointers, which results in crash.
> 
> References:
> 
> Red Hat public Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1312670
> 
> An upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb3232138e37129e88240a98a1d2aba2187ff57c

We don't really understand "An upstream patch" here. We think you mean
the patch is
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0
instead. In any case, use CVE-2016-2782 for the reported treo_attach
vulnerability.


> this flaw is very similar to already existing
> CVE-2015-7566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7566).
> This is the same type of a flaw, which just exists in the different function
> treo_attach() (instead of clie_5_attach()), so probably we can use the same
> CVE-2015-7566 for this.

We're not going to change or expand the meaning of CVE-2015-7566
several weeks later.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW0z65AAoJEL54rhJi8gl56wkP/Aoe0dtizrz4nd4CopPTiDOD
g+x7UmKmjqlAIlJ6nKwGLmv7by9yvOjZnKnaxQOU/EG+wSL3GpSnVojsrNVZSQGu
V5iacBA2GW0a4kd8g7bBnK4ViXuoeJII31LfEYVIrAUXXL9h+fOZSjjy4/L+kk1m
VFSCVIa2jbzHvJr+iNIs0oWFmXQjcuzyFzsOOjbgAvtBFEOL4JW+LAW7qMp8mXTR
+DpMkaG1JqjzO+Qcj931kNN0MAc5SZBs5+vB0kcI7+g5bKpN01qITvME2szk1iZg
GRrVyYKzfc16KcjWjbWJNr6i8TuyE/8UvYOmr9c9DNZjM2yAObBpYehrVApTmAmj
yp/pc+QAFUDGMvalgAwtlEie/c+0cihTGN/BkftFd5/RW8JM6Tm3xcl2/ktK6OGC
X5L6Mm+q73oVK+YEj3ky5kHYkEsjSrTfN+RrdqE/8r7gNoDhjbaiI4fbq41iFWru
33XexHwVjtVBJboJ5nKQHBpfUdksQ7gY+6rI9rah4Njt2K2EWwzY+Ibw79d+9i8M
yJ2grJC/rOzNIDAyU0nyiSWibxEq2HvqmWyfc6CxBgfbXgcTbHxcgWHvTjVuBUfb
VcDYFPggg/sxehevY34lcbQCJG/GGWihdNuJ2dY/4jOBqLgjlsGNES/lTd6GXjFF
9IbRRVCzbBb3fap+Ol1N
=6+yK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.