Red Hat Enterprise Linux Kernel usbvision Driver Bug Lets Local Users Cause Denial of Service Conditions on the Target System
|
SecurityTracker Alert ID: 1034452 |
SecurityTracker URL: http://securitytracker.com/id/1034452
|
CVE Reference:
CVE-2015-7833
(Links to External Site)
|
Date: Dec 17 2015
|
Impact:
Denial of service via local system
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): RHEL 6, 7
|
Description:
A vulnerability was reported in the Red Hat Enterprise Linux kernel. A local user can cause denial of service conditions on the target system.
A physically local user can load a specially crafted USB device to trigger a flaw in the usbvision driver to cause a kernel panic.
The original advisory is available at:
http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf
Sergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg reported this vulnerability.
|
Impact:
A physically local user can cause the target system to crash.
|
Solution:
No solution was available at the time of this entry.
The vendor does not plan to fix this vulnerability, as described in their bug report, available at:
https://bugzilla.redhat.com/show_bug.cgi?id=1270158
A proposed patch is available at:
http://git.linuxtv.org//media_tree.git/commit/?id=fa52bd506f274b7619955917abfde355e3d19ffe
|
Vendor URL: www.kernel.org/ (Links to External Site)
|
Cause:
State error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|