Category
Security
Release Phase
Resolved
Product
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Bug Id
 6414967
Date of Resolved Release
25-SEP-2007
Impact
A security vulnerability in the Human Interface Device (HID) class driver for Solaris 8, 9 and 10 may allow a local unprivileged user to panic the system, causing a Denial of Service (DoS).
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 8 without patch 109896-35
- Solaris 9 without patch 115553-28
- Solaris 10 without patch 125123-01
x86 Platform
- Solaris 9 without patch 115554-24
- Solaris 10 without patch 125124-01
Notes:
- Solaris 8 on the x86 platform is not affected by this issue.
- Systems are only impacted by this issue if the HID module is loaded. The module is loaded as soon as a USB HID class device, such as a USB keyboard or mouse, is plugged in to the host.
To determine if the HID module is loaded, the following command can be run:
    $ modinfo | grep hid
    84  138cc18   36d8  54   1  hid (USB HID Client Driver 1.36)
    85  138f938   32e8   -   1  hidparser (HID PARSER 1.13)
Symptoms
A system panic due to this issue will contain a stack trace similar to the following:
    freemsg+0x46()
    hid_qreply_merror+0x44()
    hid_wput+0x19f()
    putnext+0x31a()
    usbms_wput+0xc3()
    putnext+0x31a()
    consmslwserv+0x3d()
    runservice+0x62()
    queue_service+0x5b()
    stream_service+0xe8()
    taskq_d_thread+0xe8()
    thread_start+8()
Workaround
There is no workaround for this issue. Please see the Resolution section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 8 with patch 109896-35 or later
- Solaris 9 with patch 115553-28 or later
- Solaris 10 with patch 125123-01 or later
x86 Platform
- Solaris 9 with patch 115554-24 or later
- Solaris 10 with patch 125124-01 or later
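A check built from the patch lists and the modinfo test in this advisory, as an added example that is not part of the original text. It assumes `showrev -p` lines of the form `Patch: <id> Obsoletes: ... Requires: ...` and `uname -r` / `uname -p` values such as `5.10` and `sparc`; the function names are hypothetical.

```shell
# Added example (not from the advisory): exposure check for bug 6414967.
# Function names are hypothetical; inputs are uname, showrev -p and modinfo text.
# Fixing patch for a release/architecture pair, from the advisory's lists.
required_patch() {
    case "$1/$2" in
        5.8/sparc)  echo 109896-35 ;;
        5.9/sparc)  echo 115553-28 ;;
        5.10/sparc) echo 125123-01 ;;
        5.9/i386)   echo 115554-24 ;;
        5.10/i386)  echo 125124-01 ;;
        *)          return 1 ;;  # not listed, e.g. Solaris 8 x86
    esac
}

# Reads showrev -p text on stdin; succeeds if patch $1 "or later" is present,
# either installed directly or named in another patch's Obsoletes: field.
patch_installed() {
    awk -v base="${1%-*}" -v min="${1#*-}" '
        $1 == "Patch:" {
            sect = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /:$/) { sect = $i; continue }
                if (i == 2 || sect == "Obsoletes:") {
                    id = $i; sub(/,$/, "", id); split(id, p, "-")
                    if (p[1] == base && p[2] + 0 >= min + 0) found = 1
                }
            }
        }
        END { exit !found }'
}

# Reads modinfo text on stdin; matches the module name exactly, so a loaded
# hidparser without hid does not count.
hid_loaded() { awk '$6 == "hid" { f = 1 } END { exit !f }'; }

# assess RELEASE ARCH SHOWREV_TEXT MODINFO_TEXT -> prints one verdict word.
assess() {
    need=$(required_patch "$1" "$2") || { echo not-listed; return 0; }
    if printf '%s\n' "$3" | patch_installed "$need"; then echo patched
    elif printf '%s\n' "$4" | hid_loaded; then echo exposed
    else echo unpatched-hid-not-loaded
    fi
}

# Constructed sample input: an unrelated patch, plus the advisory's modinfo lines.
SAMPLE_SHOWREV='Patch: 100001-02 Obsoletes: 100000-05 Requires: Incompatibles: Packages: SUNWexample'
SAMPLE_MODINFO=' 84  138cc18   36d8  54   1  hid (USB HID Client Driver 1.36)
 85  138f938   32e8   -   1  hidparser (HID PARSER 1.13)'
assess 5.10 sparc "$SAMPLE_SHOWREV" "$SAMPLE_MODINFO"
```

On a live host the same function can be fed real data with `assess "$(uname -r)" "$(uname -p)" "$(showrev -p)" "$(modinfo)"`. A verdict of `unpatched-hid-not-loaded` only describes the moment of the check, since the module loads when a USB HID device is plugged in.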
Modification History
Date: 10-OCT-2007
- Updated Contributing Factors section
References
 125123-01
 125124-01
 115553-28
 115554-24
 109896-35