Bugzilla – Bug 62595
VUL-0: CVE-2004-0685: kernel: USB drivers use uninitialized memory
Last modified: 2021-10-16 09:04:40 UTC
Hello, please have a look at: http://www.kb.cert.org/vuls/id/981134 The bug seems to be from August and Gentoo released updates. Therefore a patch should be available... maybe we already have it in the source.
Created attachment 25371: usb-leak.txt (Mail from vendor-sec@)
Oops, this mail is from 2003. :-\
From: Mark J Cox <mjc@redhat.com>
To: Thomas Biege <thomas@suse.de>
Cc: vendor-sec@lst.de
Subject: Re: [vendor-sec] kernel usb driver leak memory
Errors-To: vendor-sec-admin@lst.de
Date: Mon, 25 Oct 2004 13:55:42 +0100 (BST)

> http://www.kb.cert.org/vuls/id/981134

Is that:

CAN-2004-0685 usb sparse fixes in 2.4 {MODERATE}
More leaks found by Conectiva mentioned to vendor sec on Oct23,
Fixed upstream 20031023 therefore 2.6.0 wasn't vulnerable
http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
Fixed on 20040726 by:
http://linux.bkbits.net:8080/linux-2.4/cset@410582380U3H9KOx8J2YZmMT0bhXQw
Sorry, I do not know how to work with BitKeeper and I plainly refuse to learn how to use this proprietary repository. Can somebody please send me the patches in some usable form?
It's called 'diff -Nur style patch' in the links above.
Fixed.
CVE-2004-0685: CVSS v2 Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)