Bug 1141400 (CVE-2014-3185)

Summary: CVE-2014-3185 Kernel: USB serial: memory corruption flaw
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: agordeev, aquini, bhu, dhoward, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jonathan, jross, jscalf, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, mmilgram, nmurray, pholasek, plougher, pmatouse, rt-maint, rvrbovsk, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-10 08:00:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1141401, 1141402, 1141403, 1141404, 1141405, 1141411, 1173714    
Bug Blocks: 1140968    

Description Prasad Pandit 2014-09-13 01:21:55 UTC 
Linux kernel built with the USB Serial Converter support(USB_SERIAL) along with
a USB ConnectTech WhiteHEAT Serial Driver(CONFIG_USB_SERIAL_WHITEHEAT) is
vulnerable to a memory corruption flaw. It could occur when reading completion
commands via USB Request Blocks buffers.

A local user with physical access to the system could use this flaw to corrupt
kernel memory area or crash the system kernel resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818
Comment 1 Prasad Pandit 2014-09-13 01:24:08 UTC 
Statement:

This issue affects the versions of the Linux kernel as shipped with
Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel
updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may
address this issue.
Comment 4 Prasad Pandit 2014-09-13 02:32:52 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1141411]
Comment 5 errata-xmlrpc 2014-09-29 19:42:25 UTC 
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2014:1318 https://rhn.redhat.com/errata/RHSA-2014-1318.html
Comment 6 Martin Prpič 2014-09-30 10:48:00 UTC 
IssueDescription:

A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Comment 7 errata-xmlrpc 2014-11-11 15:34:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2014:1843 https://rhn.redhat.com/errata/RHSA-2014-1843.html
Comment 8 errata-xmlrpc 2014-12-09 20:35:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:1971 https://rhn.redhat.com/errata/RHSA-2014-1971.html
Comment 12 errata-xmlrpc 2015-03-03 12:50:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only

Via RHSA-2015:0284 https://rhn.redhat.com/errata/RHSA-2015-0284.html