468644 – (CVE-2013-2058) Kernel : usb: chipidea: Allow disabling streaming not just in udc mode (CVE-2013-2058)

Bug 468644 (CVE-2013-2058) - Kernel : usb: chipidea: Allow disabling streaming not just in udc mode (CVE-2013-2058)

Summary: Kernel : usb: chipidea: Allow disabling streaming not just in udc mode (CVE-2...

Status:	RESOLVED FIXED

Alias:	CVE-2013-2058

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-05-05 09:20 UTC by Agostino Sarubbo
Modified:	2021-10-25 00:37 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-05-05 09:20:43 UTC

From ${URL} :

Linux kernel built with the ChipIdia Highspeed Dual Role Controller
(CONFIG_USB_CHIPIDEA) along with the ChipIdea host controller
(CONFIG_USB_CHIPIDEA_HOST) modules, is vulnerable to a kernel crash.
It could occur while streaming content over network via USB/Ethernet adapter.

A user/program could use this flaw to crash the kernel, resulting in DoS.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/929473ea05db455ad88cdc081f2adc556b8dc48f

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2013-11-27 21:39:14 UTC

CVE-2013-2058 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2058):
  The host_start function in drivers/usb/chipidea/host.c in the Linux kernel
  before 3.7.4 does not properly support a certain non-streaming option, which
  allows local users to cause a denial of service (system crash) by sending a
  large amount of network traffic through a USB/Ethernet adapter.

Comment 2 John Helmert III archtester

2021-10-25 00:37:12 UTC

Fix in 3.8 onwards