

Four Remote Packet-Of-Death Vulnerabilities Found in Linux Driver - meltingice
https://lkml.org/lkml/2015/5/13/739

======
tedchs
Alarmist headline for an obscure driver, that, while included in the kernel,
is almost certainly not running on your production Linux server. Seems to be
related to products from Ozmo Device Inc. that push USB data over a layer 2
Wi-Fi Direct connection: [http://lxr.free-
electrons.com/source/drivers/staging/ozwpan/](http://lxr.free-
electrons.com/source/drivers/staging/ozwpan/)

~~~
duskwuff
From a company that doesn't even appear to be in business anymore:

[http://www.ozmodevices.com/](http://www.ozmodevices.com/)

------
zx2c4
Related oss-sec discussion for CVE assignment:

[http://seclists.org/oss-sec/2015/q2/446](http://seclists.org/oss-
sec/2015/q2/446)

------
cjbprime
It's a "staging" driver; not a big deal, you are almost certainly not using
this driver.

~~~
zx2c4
I wouldn't jump to such conclusions so fast about the deployment and usage of
this driver. Included with many distributions and several devices require its
usage.

~~~
cjbprime
It doesn't look to be enabled in Fedora, Debian, Ubuntu, Mint or OpenSuSE to
me, which covers the top five. Which distributions are you referring to?

I see OpenSUSE disabled it back in 2013 with a commit message '"Take it behind
the barn and shoot it." says Michal. :)', presumably in response to inspection
after its previous vulnerabilities -- [http://kernel.opensuse.org/cgit/kernel-
source/commit/?id=2c1...](http://kernel.opensuse.org/cgit/kernel-
source/commit/?id=2c1c77c5da1ce2e3efb4555261fa2d05f4565ff7)

