Bug 1324782 (CVE-2016-3951) - CVE-2016-3951 kernel: crash on invalid USB device descriptors (usbnet driver)
Summary: CVE-2016-3951 kernel: crash on invalid USB device descriptors (usbnet driver)
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-3951
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1324815
Blocks: 1317020
TreeView+ depends on / blocked
 
Reported: 2016-04-07 09:41 UTC by Andrej Nemec
Modified: 2021-02-17 04:06 UTC (History)
38 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-11 13:21:07 UTC
Embargoed:


Attachments (Terms of Use)

Description Andrej Nemec 2016-04-07 09:41:11 UTC
A vulnerability was found in the usbnet Linux kernel driver.

The bug allows physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
other impact by inserting a USB device with an invalid USB descriptor.

Upstream fixes:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b

External references:

https://www.spinics.net/lists/netdev/msg367669.html
https://bugzilla.novell.com/show_bug.cgi?id=974418

Reference and CVE assignment:

http://seclists.org/oss-sec/2016/q2/19

Comment 1 Andrej Nemec 2016-04-07 11:10:24 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1324815]

Comment 3 Vladis Dronov 2016-04-11 13:21:07 UTC
Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 4 Fedora Update System 2016-04-19 19:22:49 UTC
kernel-4.4.7-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 jdimopou 2016-04-26 08:00:40 UTC
The problem still persists with kernel 4.4.7-300.fc23.

Comment 6 Ashesh Singh 2016-04-28 06:49:55 UTC
I have noticed unusual high CPU temperatures after kernel-4.4.7-300.fc23.x86_64 upgrade. Last good version was kernel-4.4.6-301.fc23.x86_64.

*-cpu
          description: CPU
          product: Core i5 (To Be Filled By O.E.M.)
          vendor: Intel Corp.
          physical id: 3a
          bus info: cpu@0
          version: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
          serial: To Be Filled By O.E.M.
          slot: U3E1
          size: 1595MHz
          capacity: 2600MHz
          width: 64 bits
          clock: 100MHz
          capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm ida arat epb pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt cpufreq
          configuration: cores=2 enabledcores=2 threads=4

Comment 7 Fedora Update System 2016-05-06 19:53:46 UTC
kernel-4.4.8-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Wade Mealing 2016-05-27 02:04:44 UTC
Gday Ashesh,  This bug is specifically about the security issue in usbnet, please create a bug in the Fedora component of this bugzilla.  Thanks.


Note You need to log in before you can comment on or make changes to this bug.