kern/186622: FreeBSD 10.0 AMD64 kernel panic in ifmedia_set() / usb / ethernet / vulnerability / remote

Tomasz CEDRO cederom at tlen.pl
Mon Feb 10 10:00:00 UTC 2014


>Number:         186622
>Category:       kern
>Synopsis:       FreeBSD 10.0 AMD64 kernel panic in ifmedia_set() / usb / ethernet / vulnerability / remote
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 10 10:00:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Tomasz CEDRO
>Release:        FreeBSD-10.0 AMD64
>Organization:
CeDeROM
>Environment:
# uname -a
FreeBSD mercury.rd.tp.pl 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789: Thu Jan 16 22:34:59 UTC 2014     root at snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
After plugging in a USB Ethernet interface (Unitek USB2.0 Gigabit LAN), the system crashed. After reboot it turned out that it was related to media status. This may allow triggering such a situation with a USB device or maybe a crafted packet in order to perform DoS and maybe remote code execution...

ugen1.5: <vendor 0x0b95> at usbus1
axe0: <vendor 0x0b95 product 0x1780, rev 2.00/0.01, addr 5> on usbus1
miibus0: <MII bus> on axe0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 2 on miibus0
rgephy0:  no media present
ifmedia_set: no match for 0x0/0xeffffff
panic: ifmedia_set
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff808e7dd0 at kdb_backtrace+0x60
#1 0xffffffff808af8b5 at panic+0x155
#2 0xffffffff8096fa7a at ifmedia_set+0x5a
#3 0xffffffff805b6e02 at rgephy_attach+0x172
#4 0xffffffff808df242 at device_attach+0x3a2
#5 0xffffffff808e031d at bus_generic_attach+0x2d
#6 0xffffffff805b30ad at miibus_attach+0xbd
#7 0xffffffff808df242 at device_attach+0x3a2
#8 0xffffffff808e031d at bus_generic_attach+0x2d
#9 0xffffffff805b2c85 at mii_attach+0x435
#10 0xffffffff81d8f4f6 at axe_attach_post_sub+0x116
#11 0xffffffff81d70217 at ue_attach_post_task+0xb7
#12 0xffffffff8075bc8f at usb_process+0x11f
#13 0xffffffff8088198a at fork_exit+0x9a
#14 0xffffffff80c758ce at fork_trampoline+0xe

>How-To-Repeat:
Plug in a USB Ethernet interface, then plug a media cable into the interface.
>Fix:
Fix media handling..?

>Release-Note:
>Audit-Trail:
>Unformatted:

