Affected Versions:
Debian Linux 5.0 x
Linux kernel 2.6.x
Vulnerability description:
Linux Kernel is the Kernel used by open source Linux.
A USB device stack overflow vulnerability exists in Linux Kernel implementation. Attackers can exploit this vulnerability to execute arbitrary code with the privileges of Super Users, completely control the affected computers, crash the Kernel, and deny service to legitimate users.
If the iowarrior device supports more than 8 bytes in each report in the case statement, it is possible to write data outside the Kernel Heap allocation.
Index bc88c79 .. 8ed8d05 100644 (file)
--- A/drivers/usb/misc/iowarrior. c
++ B/drivers/usb/misc/iowarrior. c
@-374,7 + 374,7 @ static ssize_t iowarrior_write (struct file * file,
Case USB_DEVICE_ID_CODEMERCS_IOWPV2:
Case USB_DEVICE_ID_CODEMERCS_IOW40:
/* IOW24 and IOW40 use a synchronous call */
-Buf = kmalloc (8, GFP_KERNEL);/* 8 bytes are enough for both products */
+ Buf = kmalloc (count, GFP_KERNEL );
If (! Buf ){
Retval =-ENOMEM;
Goto exit;
<* Reference
Kees Cook (kees@ubuntu.com)
Https://bugzilla.redhat.com/show_bug.cgi? Id = 672420
*>
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.kernel.org/