
Multiple Vulnerabilities in Linux kernel OZWPAN driver

 

Systems Affected


Linux Kernel 4.0.5 and prior versions

Threat Level


High


Overview


Multiple vulnerabilities have been reported in the Linux kernel OZWPAN (Ozmo Wireless Personal Area Network) driver, which could be exploited by a remote attacker to execute arbitrary code or cause a Denial of Service (DoS) condition.


Description


The OZWPAN driver is a USB HCD (Host Controller Driver) that uses Wi-Fi to communicate with the wireless peripheral. USB requests are converted into a layer 2 network protocol and transmitted on the network using an ether type (0x892e) registered to Ozmo Device Inc.

1. Code Execution Vulnerability (CVE-2015-4001)
The vulnerability exists in the Linux kernel due to an integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition via a specially crafted packet.

2. Heap Overflow Vulnerability (CVE-2015-4002)
The vulnerability exists in the Linux kernel due to improper bounds checking of user-supplied input by drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition via a specially crafted packet.

3. Input Validation Vulnerability (CVE-2015-4003)
The vulnerability exists in the Linux kernel due to an improper check of a network-supplied parameter by drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver. A remote attacker could exploit this vulnerability to cause a denial of service condition (divide-by-zero error and system crash) via a specially crafted packet.

4. Information Disclosure Vulnerability (CVE-2015-4004)
The vulnerability exists in the Linux kernel because the OZWPAN driver parses packets using an untrusted length field. A remote attacker could exploit this vulnerability to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
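
All four issues are reached through frames carrying the ether type named in the description, so a first triage step is to check whether such frames appear on a network segment at all. The following is an added example, not part of this advisory or of the kernel source; it classifies raw Ethernet frames by ether type 0x892e, and the sample frames and MAC addresses in it are constructed.

```python
import struct

OZWPAN_ETHERTYPE = 0x892E          # ether type stated in the advisory
VLAN_TPIDS = {0x8100, 0x88A8}      # 802.1Q and 802.1ad tag identifiers


def ethertype_of(frame: bytes):
    """Return the payload EtherType of an Ethernet II frame, skipping VLAN tags.

    Returns None for truncated frames instead of reading past the buffer.
    """
    offset = 12                                   # after dst MAC + src MAC
    while True:
        if len(frame) < offset + 2:
            return None
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS:
            return etype
        offset += 4                               # skip TPID (2) + TCI (2)


def find_ozwpan_frames(frames):
    """Return (index, source MAC) for every frame carrying the OZWPAN EtherType."""
    hits = []
    for i, frame in enumerate(frames):
        if ethertype_of(frame) == OZWPAN_ETHERTYPE:
            hits.append((i, frame[6:12].hex(":")))
    return hits


# Constructed sample frames (not captured traffic): MACs and payloads are made up.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    DST + SRC + b"\x08\x00" + b"\x45" * 20,                       # IPv4
    DST + SRC + b"\x89\x2e" + b"\x00" * 8,                        # OZWPAN, untagged
    DST + SRC + b"\x81\x00\x00\x0a" + b"\x89\x2e" + b"\x00" * 8,  # OZWPAN in VLAN 10
    DST + SRC + b"\x81\x00",                                      # truncated after TPID
]

if __name__ == "__main__":
    for idx, mac in find_ozwpan_frames(SAMPLE_FRAMES):
        print(f"frame {idx}: OZWPAN EtherType 0x892e from {mac}")
```
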


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in the following links:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8


References


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.