[security-announce] Security Update: linux-hierofalcon 4.1: CVE-2015-8816

Sona Sarmadi sona.sarmadi at enea.com
Thu Apr 7 09:11:18 CEST 2016


		Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-hierofalcon 4.1) /Enea Linux 5.0
Severity: Low
CVE Name: CVE-2015-8816
Layer: meta-hierofalcon
=========================================================

This update fixes USB hub invalid memory access in hub_activate().

Description
===========
Quickly plugging in and unplugging a USB hub can lead to a null
pointer dereference in kernel (local denial of service) or the USB
port to which the hub is connected becomes unusable, for kernel
versions 2.6.32 < 4.4. The issue occurs when the USB hub gets
disconnected before or while the routine for USB hub activation is
running - hub_activate() function.

References:
===========
http://www.spinics.net/lists/linux-usb/msg132311.html
http://seclists.org/oss-sec/2016/q1/404
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8816

Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=a7e83b16c8d83a75c58989e845c664ecaa6e0aa6

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-hierofalcon.git/patch/?id=4e3dbf27ce3d119bb7267c57f5dfb46c0b9b0da3

How to get the latest patches
=============================
- If you have already cloned needed repositories, update it to get new
security atches.

cd Enea-Linux-5.0/poky/meta-hierofalcon
git pull

- If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-fsl-ppc.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://mail.lists.enea.com/pipermail/security-announce/attachments/20160407/8f212041/attachment.sig>


More information about the security-announce mailing list