oss-sec mailing list archives
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver
From: Greg KH <greg () kroah com>
Date: Tue, 7 Nov 2017 21:22:37 +0100
On Tue, Nov 07, 2017 at 03:14:56PM -0500, Vladis Dronov wrote:
Heololo, A race condition exists in Linux kernel since year 2003 through version 4.9-rc1 in [legousbtower] driver which allows a null pointer dereference caused by not removing a device file interface on an error when the probe function is called. This can cause a write-what-where condition by remapping dev->interrupt_out_buffer in tower_write(), leading to privilege escalation. References: https://bugzilla.redhat.com/show_bug.cgi?id=1505905 An upstream patch: https://github.com/torvalds/linux/commit/2fae9e5a7babada041e2e161699ade2447a01989
I hate to ask, but why are you getting CVEs for bugs fixed over a year ago, and are already in all stable kernel releases a year ago? Why does it matter? Unless you happen to have a product that doesn't ever do kernel updates from the stable trees, and well, then you know what you are doing and don't need CVEs assigned either, right? :) thanks, greg k-h
Current thread:
- CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 08)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 09)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stiepan (Nov 10)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Amos Jeffries (Nov 11)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stuart Gathman (Nov 11)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)