CVE-2007-5093

Description

The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

CVSS Metrics

• v2.0•MEDIUM•Score: 4AV:L/AC:H/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.06%• Percentile: 20%

Techniques & Countermeasures

• CWE-399•Resource Management Errors

  Weaknesses in this category are related to improper management of system resources.

Affected Systems

• linux•linux_kernel

  2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.6:rc2 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.8.1 | 2.6.8.1.5 | 2.6.9 | 2.6.9:rc1 | 2.6.9:rc2 | 2.6.9:rc3 | 2.6.9:rc4 | 2.6.10 | 2.6.10:rc1 | 2.6.10:rc2 | 2.6.11 | 2.6.11:rc1 | 2.6.11:rc2 | 2.6.11:rc3 | 2.6.11:rc4 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.9 | 2.6.11.10 | 2.6.11.11 | 2.6.11.12 | 2.6.11_rc1_bk6 | 2.6.12 | 2.6.12:rc1 | 2.6.12:rc2 | 2.6.12:rc3 | 2.6.12:rc4 | 2.6.12:rc5 | 2.6.12:rc6 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.12.12 | 2.6.12.22 | 2.6.13 | 2.6.13:rc1 | 2.6.13:rc2 | 2.6.13:rc3 | 2.6.13:rc4 | 2.6.13:rc5 | 2.6.13:rc6 | 2.6.13:rc7 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.13.5 | 2.6.14 | 2.6.14:rc1 | 2.6.14:rc2 | 2.6.14:rc3 | 2.6.14:rc4 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.15 | 2.6.15:rc1 | 2.6.15:rc2 | 2.6.15:rc3 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.15.6 | 2.6.15.7 | 2.6.15.11 | 2.6.16 | 2.6.16:rc1 | 2.6.16:rc3 | 2.6.16.1 | 2.6.16.2 | 2.6.16.3 | 2.6.16.4 | 2.6.16.5 | 2.6.16.7 | 2.6.16.9 | 2.6.16.10 | 2.6.16.11 | 2.6.16.12 | 2.6.16.19 | 2.6.16.23 | 2.6.16.27 | 2.6.17 | 2.6.17:rc1 | 2.6.17:rc2 | 2.6.17:rc3 | 2.6.17:rc4 | 2.6.17:rc5 | 2.6.17:rc6 | 2.6.17.1 | 2.6.17.2 | 2.6.17.3 | 2.6.17.4 | 2.6.17.5 | 2.6.17.6 | 2.6.17.7 | 2.6.17.8 | 2.6.17.9 | 2.6.17.10 | 2.6.17.11 | 2.6.17.12 | 2.6.17.13 | 2.6.17.14 | 2.6.18 | 2.6.18.1 | 2.6.18.2 | 2.6.18.3 | 2.6.18.4 | 2.6.19 | 2.6.19:rc1 | 2.6.19:rc2 | 2.6.19:rc3 | 2.6.19:rc4 | 2.6.19.1 | 2.6.19.2 | 2.6.20 | 2.6.20:rc2 | 2.6.20.1 | 2.6.20.2 | 2.6.20.3 | 2.6.20.4 | 2.6.20.5 | 2.6.20.8 | 2.6.20.9 | 2.6.20.10 | 2.6.20.11 | 2.6.20.12 | 2.6.20.13 | 2.6.20.14 | 2.6.20.15 | 2.6.21 | 2.6.21:rc3 | 2.6.21:rc4 | 2.6.21:rc5 | 2.6.21:rc6 | 2.6.21:rc7 | 2.6.21.1 | 2.6.21.2 | 2.6.21.3 | 2.6.21.4 | 2.6.22 | 2.6.22:rc6 | 2.6.22.1 | 2.6.22.3 | 2.6.22.4 | 2.6.22.5 | 2.6.22.6 | 2.6.22.7 | 2.6.23:rc1 | 2.6.23:rc2 | 2.6_test9_cvs

References (22)

• http://www.redhat.com/support/errata/RHSA-2008-0275.html
• http://secunia.com/advisories/30294
• http://marc.info/?l=linux-kernel&m=118873457814808&w=2
• http://marc.info/?l=linux-kernel&m=118880154122548&w=2
• http://rhn.redhat.com/errata/RHSA-2008-0972.html
• http://secunia.com/advisories/28706
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.6
• http://secunia.com/advisories/26994
• http://www.debian.org/security/2008/dsa-1504
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10494
• http://www.ubuntu.com/usn/usn-558-1
• http://www.debian.org/security/2007/dsa-1381
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
• http://www.debian.org/security/2008/dsa-1503
• http://www.ubuntu.com/usn/usn-574-1
• http://secunia.com/advisories/29058
• http://secunia.com/advisories/28971
• http://www.securityfocus.com/bid/25504
• http://secunia.com/advisories/28170
• http://secunia.com/advisories/32799
• http://www.ubuntu.com/usn/usn-578-1