Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Jul 2016 10:51:16 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver.

Hit send too early,


Upstream patch:
https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742

Maintainer has yet to send to LKML.


On Mon, Jul 25, 2016 at 10:50 AM, Wade Mealing <wmealing@...hat.com> wrote:
> Hello All,
>
> A flaw was found in the linux kernel's implementation of the airspy
> USB device driver in which a leak was found when a subdev or SDR are
> plugged into the host.
>
> An attacker can create an targeted USB device which can emulate 64 of
> these devices. Then by emulating an additional device which
> continuously connects and disconnects, each connection attempt will
> leak memory which can not be recovered.
>
> This issue was assigned CVE-2016-5400.
>
> Wade Mealing
> Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ