CVE-2007-5093
Published: 26 September 2007
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
Notes
Author | Note |
---|---|
jdstrand | fixed in DSA 1381-1 |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.22.6)
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-51.66)
|
upstream |
Needs triage
|
|
linux-source-2.6.17 Launchpad, Ubuntu, Debian |
edgy |
Released
(2.6.17.1-12.42)
|
upstream |
Needs triage
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
feisty |
Released
(2.6.20-16.33)
|
upstream |
Needs triage
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
gutsy |
Released
(2.6.22-12.39)
|
upstream |
Needs triage
|