Bug 306591 (CVE-2007-5093)

Summary: CVE-2007-5093 kernel PWC driver DoS
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: amlau, anton, kernel-maint, kernel-mgr, kreilly, qcai, vmayatsk, zaitcev
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-06-16 06:45:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 308471, 308481, 308491, 308501, 308511, 308521, 308531    
Bug Blocks:    

Description Mark J. Cox 2007-09-26 09:37:20 UTC 
Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
        reported as fixed after 2.7.22.6

        If a 'pwc' device is disconnected, and a userspace application
        has the device opened, the USB subsystem will be blocked until
        it's closed. This allows attackers to block the entire USB
        subsystem from further use.

http://git.kernel.org/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=85237f202d46d55c1bffe0c5b1aa3ddc0f1dce4d
Comment 1 Mark J. Cox 2007-09-26 09:40:38 UTC 
This is a low/none severity issue; in order to exploit this:

1. a local attacker needs to have the ability to open a connection to the webcam
(which is not the default, only the console user or root would have permissions
to open the connection to the usb port)
2. the attacker needs to convince someone to unplug the webcam

So this attack is only really feasible if the attacker is physically present at
the console (in which case there are much easier ways to DoS the machine).
Comment 3 Red Hat Product Security 2009-06-16 06:45:59 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0275.html
  http://rhn.redhat.com/errata/RHSA-2008-0972.html