Vulnerability Description
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 "relies on user space to close the device," which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
References
- http://marc.info/?l=linux-kernel&m=118873457814808&w=2
- http://marc.info/?l=linux-kernel&m=118880154122548&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0972.html
- http://secunia.com/advisories/26994
- http://secunia.com/advisories/28170
- http://secunia.com/advisories/28706
- http://secunia.com/advisories/28971
- http://secunia.com/advisories/29058
- http://secunia.com/advisories/30294
- http://secunia.com/advisories/32799
- http://www.debian.org/security/2007/dsa-1381
- http://www.debian.org/security/2008/dsa-1503
- http://www.debian.org/security/2008/dsa-1504
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.6
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:008
FAQ
What is CVE-2007-5093?
CVE-2007-5093 is a vulnerability with a CVSS score of 4.0 (MEDIUM).
How severe is CVE-2007-5093?
CVE-2007-5093 has been rated MEDIUM with a CVSS base score of 4.0/10.
Is there a patch for CVE-2007-5093?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.