Back to bug 1296466
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-07 10:36:38 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-07 10:36:38 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-01-07 10:37:16 UTC | Depends On | 1283371 | |
| Adam Mariš | 2016-01-07 10:40:41 UTC | Blocks | 1296470 | |
| Martin Prpič | 2016-01-08 13:29:15 UTC | Alias | CVE-2015-7566 | |
| Martin Prpič | 2016-01-08 13:29:23 UTC | Summary | EMBARGOED kernel: Crash on invalid USB device descriptors in visor driver | EMBARGOED CVE-2015-7566 kernel: Crash on invalid USB device descriptors in visor driver |
| Vladis Dronov | 2016-01-08 14:35:34 UTC | Whiteboard | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,mrg-2/kernel-rt=new,fedora-all/kernel=new | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,mrg-2/kernel-rt=new,fedora-all/kernel=new |
| Vladis Dronov | 2016-01-08 14:35:45 UTC | Whiteboard | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,mrg-2/kernel-rt=new,fedora-all/kernel=new | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,mrg-2/kernel-rt=new,fedora-all/kernel=new |
| Vladis Dronov | 2016-01-08 14:36:47 UTC | CC | vdronov | |
| Doc Text | A flaw was found in a way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one out bulk endpoint. By using a specially crafted USB device an unprivileged user with a physical access can trigger a kernel NULL pointer dereference causing the system panic. | |||
| Vladis Dronov | 2016-01-08 14:53:09 UTC | Whiteboard | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,mrg-2/kernel-rt=new,fedora-all/kernel=new | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected |
| Vladis Dronov | 2016-01-11 18:21:21 UTC | Whiteboard | impact=low,public=no,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected | impact=low,public=20160111,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected |
| Vladis Dronov | 2016-01-11 18:21:30 UTC | Summary | EMBARGOED CVE-2015-7566 kernel: Crash on invalid USB device descriptors in visor driver | CVE-2015-7566 kernel: Crash on invalid USB device descriptors in visor driver |
| Vladis Dronov | 2016-01-11 18:21:39 UTC | Group | security, qe_staff | |
| Vladis Dronov | 2016-01-11 18:28:07 UTC | Depends On | 1297517 | |
| Slawomir Czarko | 2016-01-12 10:40:52 UTC | CC | slawomir | |
| Salvatore Bonaccorso | 2016-01-12 20:33:00 UTC | CC | carnil | |
| Summer Long | 2016-03-11 01:14:41 UTC | CC | slong | |
| Doc Text | A flaw was found in a way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one out bulk endpoint. By using a specially crafted USB device an unprivileged user with a physical access can trigger a kernel NULL pointer dereference causing the system panic. | A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors. The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service). | ||
| Whiteboard | impact=low,public=20160111,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected | s | ||
| Vladis Dronov | 2016-03-11 04:38:29 UTC | Whiteboard | s | impact=low,public=20160111,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected |
| Vladis Dronov | 2016-03-11 13:51:29 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2016-03-11 08:51:29 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:41:49 UTC | Whiteboard | impact=low,public=20160111,reported=20151118,source=researcher,cvss2=4.0/AV:L/AC:H/Au:N/C:N/I:N/A:C,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=wontfix,rhel-7/kernel-rt=wontfix,mrg-2/realtime-kernel=wontfix,rhelsa-7/arm-kernel=wontfix,fedora-all/kernel=affected |
Back to bug 1296466