4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.4%
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 “relies on user space to close the device,”
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the device
after the disconnect is invoked. NOTE: this rarely crosses privilege
boundaries, unless the attacker can convince the victim to unplug the
affected device.
Author | Note |
---|---|
jdstrand | fixed in DSA 1381-1 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | linux-source-2.6.15 | < 2.6.15-51.66 | UNKNOWN |
ubuntu | 6.10 | noarch | linux-source-2.6.17 | < 2.6.17.1-12.42 | UNKNOWN |
ubuntu | 7.04 | noarch | linux-source-2.6.20 | < 2.6.20-16.33 | UNKNOWN |
ubuntu | 7.10 | noarch | linux-source-2.6.22 | < 2.6.22-12.39 | UNKNOWN |