Date: Mon, 25 Jul 2016 10:51:16 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. Hit send too early, Upstream patch: https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742 Maintainer has yet to send to LKML. On Mon, Jul 25, 2016 at 10:50 AM, Wade Mealing <wmealing@...hat.com> wrote: > Hello All, > > A flaw was found in the linux kernel's implementation of the airspy > USB device driver in which a leak was found when a subdev or SDR are > plugged into the host. > > An attacker can create an targeted USB device which can emulate 64 of > these devices. Then by emulating an additional device which > continuously connects and disconnects, each connection attempt will > leak memory which can not be recovered. > > This issue was assigned CVE-2016-5400. > > Wade Mealing > Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ