Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Jul 2016 10:51:16 +1000
From: Wade Mealing <>
Subject: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver.

Hit send too early,

Upstream patch:

Maintainer has yet to send to LKML.

On Mon, Jul 25, 2016 at 10:50 AM, Wade Mealing <> wrote:
> Hello All,
> A flaw was found in the linux kernel's implementation of the airspy
> USB device driver in which a leak was found when a subdev or SDR are
> plugged into the host.
> An attacker can create an targeted USB device which can emulate 64 of
> these devices. Then by emulating an additional device which
> continuously connects and disconnects, each connection attempt will
> leak memory which can not be recovered.
> This issue was assigned CVE-2016-5400.
> Wade Mealing
> Red Hat Product Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ