Bug 306591 - (CVE-2007-5093) CVE-2007-5093 kernel PWC driver DoS
CVE-2007-5093 kernel PWC driver DoS
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 308471 308481 308491 308501 308511 308521 308531
  Show dependency treegraph
Reported: 2007-09-26 05:37 EDT by Mark J. Cox
Modified: 2009-06-16 02:45 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-16 02:45:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox 2007-09-26 05:37:20 EDT
Linux Kernel USB PWC Driver Local Denial Of Service Vulnerability
        reported as fixed after

        If a 'pwc' device is disconnected, and a userspace application
        has the device opened, the USB subsystem will be blocked until
        it's closed. This allows attackers to block the entire USB
        subsystem from further use.

Comment 1 Mark J. Cox 2007-09-26 05:40:38 EDT
This is a low/none severity issue; in order to exploit this:

1. a local attacker needs to have the ability to open a connection to the webcam
(which is not the default, only the console user or root would have permissions
to open the connection to the usb port)
2. the attacker needs to convince someone to unplug the webcam

So this attack is only really feasible if the attacker is physically present at
the console (in which case there are much easier ways to DoS the machine).
Comment 3 Red Hat Product Security 2009-06-16 02:45:59 EDT
This issue was addressed in:

Red Hat Enterprise Linux:

Note You need to log in before you can comment on or make changes to this bug.