oss-sec mailing list archives

Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver


From: Greg KH <greg () kroah com>
Date: Tue, 7 Nov 2017 21:22:37 +0100

On Tue, Nov 07, 2017 at 03:14:56PM -0500, Vladis Dronov wrote:
> Hello,
>
> A race condition exists in Linux kernel since year 2003 through version 4.9-rc1
> in [legousbtower] driver which allows a null pointer dereference caused by
> not removing a device file interface on an error when the probe function is called.
> This can cause a write-what-where condition by remapping dev->interrupt_out_buffer
> in tower_write(), leading to privilege escalation.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1505905
>
> An upstream patch:
>
> https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989

I hate to ask, but why are you getting CVEs for bugs fixed over a year
ago, and are already in all stable kernel releases a year ago?  Why does
it matter?

Unless you happen to have a product that doesn't ever do kernel updates
from the stable trees, and well, then you know what you are doing and
don't need CVEs assigned either, right?  :)

thanks,

greg k-h

