Vigil@nce - Linux kernel: denial of service via a Frescologic PCI device of type 0x1009
June 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a Frescologic device of PCI type 0x1009 by the
Linux kernel, in order to trigger a denial of service.
Impacted products: Linux.
Severity: 1/4.
Creation date: 02/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel manages Frescologic devices.
The PCI device of type number 1009 hexadecimal can exchange data
with the main memory with the DMA controller. However, when the
access is done in the mode "XHCI STREAMS", the DMA access are
invalid and the device corrupt the main memory.
An attacker can therefore use a Frescologic device of PCI type
0x1009 by the Linux kernel, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN