Bug 186622 - [panic] FreeBSD 10.0 AMD64 kernel panic in ifmedia_set() / usb / ethernet / vulnerability / remote
Summary: [panic] FreeBSD 10.0 AMD64 kernel panic in ifmedia_set() / usb / ethernet / v...
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: usb (show other bugs)
Version: unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-usb mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-10 10:00 UTC by Tomasz "CeDeROM" CEDRO
Modified: 2018-05-28 19:47 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tomasz "CeDeROM" CEDRO 2014-02-10 10:00:00 UTC
After plugging USB Ethernet interface (Unitek USB2.0 Gigabit LAN) system
crashed. After reboot it turned out that it was related with media
status. This may allow to trigger such situation by USB device or maybe
crafted packet in order to perform DoS and maybe remote code execution...

ugen1.5: <vendor 0x0b95> at usbus1
axe0: <vendor 0x0b95 product 0x1780, rev 2.00/0.01, addr 5> on usbus1
miibus0: <MII bus> on axe0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 2 on miibus0
rgephy0:  no media present
ifmedia_set: no match for 0x0/0xeffffff
panic: ifmedia_set
cpuid = 1
KDB: stack backtrace:
#0 0xffffffff808e7dd0 at kdb_backtrace+0x60
#1 0xffffffff808af8b5 at panic+0x155
#2 0xffffffff8096fa7a at ifmedia_set+0x5a
#3 0xffffffff805b6e02 at rgephy_attach+0x172
#4 0xffffffff808df242 at device_attach+0x3a2
#5 0xffffffff808e031d at bus_generic_attach+0x2d
#6 0xffffffff805b30ad at miibus_attach+0xbd
#7 0xffffffff808df242 at device_attach+0x3a2
#8 0xffffffff808e031d at bus_generic_attach+0x2d
#9 0xffffffff805b2c85 at mii_attach+0x435
#10 0xffffffff81d8f4f6 at axe_attach_post_sub+0x116
#11 0xffffffff81d70217 at ue_attach_post_task+0xb7
#12 0xffffffff8075bc8f at usb_process+0x11f
#13 0xffffffff8088198a at fork_exit+0x9a
#14 0xffffffff80c758ce at fork_trampoline+0xe

How-To-Repeat: Plug in USB Ethernet interface, then plug in media cable into the interface.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-04-20 02:48:45 UTC
State Changed
From-To: open->open
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2014-04-20 02:48:45 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-usb
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:47:31 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.