| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Apr 2016 02:37:33 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Josh Boyer <jwboyer@...oraproject.org>
Cc: stable@...r.kernel.org, Ralf Spenneberg <ralf@...nneberg.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.5 058/238] USB: iowarrior: fix oops with malicious USB
descriptors
On Sun, 2016-04-10 at 11:33 -0700, Greg Kroah-Hartman wrote:
> 4.5-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Josh Boyer <jwboyer@...oraproject.org>
>
> commit 4ec0ef3a82125efc36173062a50624550a900ae0 upstream.
>
> The iowarrior driver expects at least one valid endpoint. If given
> malicious descriptors that specify 0 for the number of endpoints,
> it will crash in the probe function. Ensure there is at least
> one endpoint on the interface before using it.
[...]
Which means our imaginary attacker will move on to providing a single
endpoint of the wrong type. You've fixed the driver to reject the PoC
descriptor without thinking about what the driver actually requires.
I don't see the point of applying this to stable; it doesn't provide
any meaningful security benefit.
Ben.
--
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists