Bug 1311589 (CVE-2015-8816) - CVE-2015-8816 kernel: USB hub invalid memory access in hub_activate()
Status: CLOSED WONTFIX
Alias: CVE-2015-8816
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Blocks: 1311591
Reported: 2016-02-24 14:21 UTC by Andrej Nemec
Modified: 2019-09-29 13:44 UTC

Doc Type: Bug Fix
Last Closed: 2016-04-01 15:18:30 UTC

Description Andrej Nemec 2016-02-24 14:21:55 UTC
Quickly plugging in and unplugging a USB hub can lead to a null
pointer dereference in the kernel (local denial of service) or the USB
port to which the hub is connected becomes unusable, for kernel
versions 2.6.32 < 4.4. The issue occurs when the USB hub gets
disconnected before or while the routine for USB hub activation is
running - hub_activate() function.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5

External references:

http://www.spinics.net/lists/linux-usb/msg132311.html

CVE-ID request and assignment:

http://seclists.org/oss-sec/2016/q1/404

http://seclists.org/oss-sec/2016/q1/413

Comment 1 Josh Boyer 2016-02-24 15:00:06 UTC
This was fixed in 4.3.5 with:

commit 28fb0f5b4fa9b9e201b2c6d781382601b60feee3
Author: Alan Stern <stern@rowland.harvard.edu>
Date:   Wed Dec 16 13:32:38 2015 -0500

    USB: fix invalid memory access in hub_activate()
    
    commit e50293ef9775c5f1cf3fcc093037dd6a8c5684ea upstream.

Fedora 22 is the only branch still on the 4.3.y kernel series and it is already at 4.3.5 or newer.  The remainder of the Fedora branches already contain this fix.

Comment 3 Vladis Dronov 2016-04-01 15:18:30 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
