Bug 978445 - VUL-1: CVE-2016-4482: kernel: usbfs leaking three bytes per syscall to user space
VUL-1: CVE-2016-4482: kernel: usbfs leaking three bytes per syscall to user s...
Status: RESOLVED DUPLICATE of bug 978401
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Oliver Neukum
Security Team bot
CVSSv2:SUSE:CVE-2016-4482:1.9:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-04 11:05 UTC by Oliver Neukum
Modified: 2022-02-13 11:14 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2016-05-04 11:05:43 UTC
This is from upstream. It is only three bytes per call, but the call can be endlessly repeated. The leaked bytes come from the stack. All our trees are affected.

commit 681fef8380eb818c0b845fca5d2ab1dcbab114ee
Author: Kangjie Lu <kangjielu@gmail.com>
Date:   Tue May 3 16:32:16 2016 -0400

    USB: usbfs: fix potential infoleak in devio
Comment 1 Marcus Meissner 2016-05-04 12:32:47 UTC
cve was already requested.
Comment 2 Marcus Meissner 2016-05-04 13:22:26 UTC
i think this is the issue:

> In the USB module (drivers/usb/core/devio.c), The stack object "ci" has a
> total
> size of 8 bytes. Its last 3 bytes are padding bytes which are not
> initialized and
> leaked to userland
> 
> http://www.spinics.net/lists/linux-usb/msg140243.html
> 
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/log/drivers/usb/core/devio.c
> (not yet there; probably soon)

Use CVE-2016-4482.


(already dup)

*** This bug has been marked as a duplicate of bug 978401 ***
Comment 3 Swamp Workflow Management 2016-08-24 13:17:52 UTC
openSUSE-SU-2016:2144-1: An update that solves 53 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 901754,941113,942702,945219,955654,957052,957988,959709,960561,961512,963762,963765,966245,966437,966693,966849,967972,967973,967974,967975,968010,968011,968012,968013,968018,968670,969354,969355,970114,970275,970892,970909,970911,970948,970955,970956,970958,970970,971124,971125,971126,971360,971628,971799,971919,971944,972174,973378,973570,974308,974418,974646,975945,978401,978445,978469,978821,978822,979021,979213,979548,979867,979879,979913,980348,980363,980371,980725,981267,982706,983143,983213,984464,984755,984764,986362,986365,986377,986572,986573,986811
CVE References: CVE-2012-6701,CVE-2013-7446,CVE-2014-9904,CVE-2015-3288,CVE-2015-6526,CVE-2015-7566,CVE-2015-8709,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2015-8830,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2187,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3136,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-3672,CVE-2016-3689,CVE-2016-3951,CVE-2016-4470,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4913,CVE-2016-4997,CVE-2016-5244,CVE-2016-5829
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.20.3, cloop-2.639-14.20.3, crash-7.0.8-20.3, hdjmod-1.28-18.21.3, ipset-6.23-20.3, kernel-debug-3.16.7-42.1, kernel-default-3.16.7-42.1, kernel-desktop-3.16.7-42.1, kernel-docs-3.16.7-42.2, kernel-ec2-3.16.7-42.1, kernel-obs-build-3.16.7-42.2, kernel-obs-qa-3.16.7-42.1, kernel-obs-qa-xen-3.16.7-42.1, kernel-pae-3.16.7-42.1, kernel-source-3.16.7-42.1, kernel-syms-3.16.7-42.1, kernel-vanilla-3.16.7-42.1, kernel-xen-3.16.7-42.1, pcfclock-0.44-260.20.2, vhba-kmp-20140629-2.20.2, virtualbox-5.0.20-48.5, xen-4.4.4_02-46.2, xtables-addons-2.6-22.3