author | Gordon Tetlow <gordon@FreeBSD.org> | 2020-06-09 16:36:54 +0000 |
---|---|---|
committer | Gordon Tetlow <gordon@FreeBSD.org> | 2020-06-09 16:36:54 +0000 |
commit | 3780d66dd07037bcb29af8f67015904becd261ce (patch) | |
tree | 9bdd4f5f886abd33c67fb2351161aa2dd42f99c4 /share/security/advisories/FreeBSD-SA-20:17.usb.asc | |
parent | c611a1a50b44c86ffcbd975cee02271fac0d234f (diff) | |
Add EN-20:10, EN-20:11, and SA-20:17.
Approved by: so
Notes:
svn path=/head/; revision=54224
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-20:17.usb.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-20:17.usb.asc | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-SA-20:17.usb.asc b/share/security/advisories/FreeBSD-SA-20:17.usb.asc new file mode 100644 index 0000000000..c29141dc2b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:17.usb.asc 
@@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:17.usb Security Advisory + The FreeBSD Project + +Topic: USB HID descriptor parsing error + +Category: core +Module: kernel +Announced: 2020-06-09 +Credits: Andy Nguyen, Google +Affects: All supported versions of FreeBSD. +Corrected: 2020-06-08 09:32:57 UTC (stable/12, 12.1-STABLE) + 2020-06-09 16:13:54 UTC (releng/12.1, 12.1-RELEASE-p6) + 2020-06-08 09:33:37 UTC (stable/11, 11.4-STABLE) + 2020-06-09 16:13:54 UTC (releng/11.4, 11.4-RC2-p1) + 2020-06-09 16:13:54 UTC (releng/11.3, 11.3-RELEASE-p10) +CVE Name: CVE-2020-7456 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +USB Human Interface Device (HID) descriptors may push/pop the current state +to allow description of items residing in a so-called union. FreeBSD +supports 4 such pop levels. + +II. Problem Description + +If the push/pop level is not restored within the processing of the same HID +item, an invalid memory location may be used for subsequent HID item +processing. + +III. Impact + +An attacker with physical access to a USB port may be able to use a specially +crafted USB device to gain kernel or user-space code execution. + +IV. Workaround + +Setting "sysctl hw.usb.disable_enumeration=1" disables USB device +enumeration preventing the error from occurring. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. 
+ +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:17/usb.patch +# fetch https://security.FreeBSD.org/patches/SA-20:17/usb.patch.asc +# gpg --verify usb.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r361918 +releng/12.1/ r361972 +stable/11/ r361919 +releng/11.4/ r361972 +releng/11.3/ r361972 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7456> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:17.usb.asc> +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl7fuFhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJ4Iw/6AuTNBD33WaEZTW7mAfigc1sp8cjnKCvm+DObx1CNpSr9fxiy+Dy5DMjg +/Hv4ijv4flte3txXohdXvYcAKqYrbP1BBr6ptlQYE/V+61sTtxV18XGnID1fgSOZ +WPHGaXMAUNeeVxJSEVJ5rJ+lRo90Rlp/n9pMZlU+tIDFjE0BQ5lJkicg/xgFO9rg +tRaeotoXmdNo3HlkMfXnIZ8q5tOQrcsfSZP6DgQWKspinCJTVTr1eQ9p6mHNV7Ip +XZGuXNaktYxwNk2oWP2dmk6FAkyldReyi856DurhOldmAxPbY5zh4NfwOuL78pSa +draF1up4Vkb/aSQHN1xkaOjlBEmLYHgzND83M9gnE2RdtGVLeerI6Gdd6Pp4D8a2 +vPgWZOQfO82lUjSx/B/XHCA0Ztu4uinPuCkrf9vcteg/juJxQRRyFWUfqGbo3qpC +U9a1AN9Ojgy0eFDKTo7vWUf34kB1RApEEt3y3XNwwbwDWtKdWMRLJfD4oIhbB6Re +URYpBUv5wnkhOq5LR15VJc6jL/DZxqsjByALwtnEdNH6bAYM+6WTmnTYFgUyuvlF +n2tZeD5LXM0GLs377edmAeGR7TUd+rFfndEGFKiDXeSNrmb0Ro6E4vvbUwu5PalA +kf+suJS0noAH+SPmk0YyxKm12plPxyO2zLFIMRpjWz6v1joH+Qk= +=4v1s +-----END PGP SIGNATURE----- |
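Review bot: The Workaround section states that "sysctl hw.usb.disable_enumeration=1" disables USB device enumeration, but not what that costs the operator: with enumeration disabled, no USB device will attach, so a system that depends on a USB keyboard, mouse, network adapter or storage loses them until the setting is reverted. Suggest adding one sentence to that section spelling out this side effect and where the setting must be placed for it to survive the reboot that section V calls for, so administrators can weigh the workaround against simply patching. Minor: the Background says FreeBSD supports 4 pop levels, while the Problem Description only says "the push/pop level is not restored"; stating there that the parser then indexes past the 4-entry state stack would tie the two sections together and make clear why an out-of-bounds memory location is used.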