818543 – (CVE-2013-2058) VUL-1: CVE-2013-2058: kernel: Denial of Service (crash) via unspecified issue in ChipIdia driver

Bug 818543 (CVE-2013-2058) - VUL-1: CVE-2013-2058: kernel: Denial of Service (crash) via unspecified issue in ChipIdia driver

Summary: VUL-1: CVE-2013-2058: kernel: Denial of Service (crash) via unspecified issue...

Status:	RESOLVED FIXED

Alias:	CVE-2013-2058

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2013-05-06 07:57 UTC by Matthias Weckbecker
Modified:	2013-10-04 16:38 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Weckbecker 2013-05-06 07:57:50 UTC

Quote from posting on oss security [1]:

 "Linux kernel built with the ChipIdia Highspeed Dual Role Controller
  (CONFIG_USB_CHIPIDEA) along with the ChipIdea host controller
  (CONFIG_USB_CHIPIDEA_HOST) modules, is vulnerable to a kernel crash. It
  occurs while streaming content over network via USB/Ethernet adapter

  A user/program could use this flaw to crash the kernel resulting in DoS."

Original report by Red Hat is available at [2].

[1] http://seclists.org/oss-sec/2013/q2/273
[2] https://bugzilla.redhat.com/show_bug.cgi?id=959210

Comment 1 Matthias Weckbecker 2013-05-06 08:01:53 UTC

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=929473

Comment 2 Matthias Weckbecker 2013-05-06 08:46:04 UTC

From a quick look I'd say it does not affect any SLE. Could anybody from the
kernel engineers confirm this, please?

Comment 3 Marcus Meissner 2013-05-06 14:50:55 UTC

there was quite some renaming, but the host controller was introduced in
commit eb70e5ab8f95a81283623c03d2c99dfc59fcb319
Author: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Date:   Fri May 11 17:25:54 2012 +0300

in Linux kernel 3.5, and not backported, so does not affect any SLE kernel.

Only openSUSE 12.3 would be affected.

Comment 4 Jeff Mahoney 2013-08-01 18:35:22 UTC

Applied to openSUSE 12.3 via 3.7.3.

No other releases are affected.

Comment 5 Marcus Meissner 2013-10-04 16:38:46 UTC

update running, so done