Quickly plugging in and unplugging a USB hub can lead to a null
pointer dereference in kernel (local denial of service) or the USB
port to which the hub is connected becomes unusable, for kernel
versions 2.6.32 < 4.4. The issue occurs when the USB hub gets
disconnected before or while the routine for USB hub activation is
running - hub_activate() function.
CVE-ID request and assignment:
This was fixed in 4.3.5 with:
Author: Alan Stern <email@example.com>
Date: Wed Dec 16 13:32:38 2015 -0500
USB: fix invalid memory access in hub_activate()
commit e50293ef9775c5f1cf3fcc093037dd6a8c5684ea upstream.
Fedora 22 is the only branch still on the 4.3.y kernel series and it is already at 4.3.5 or newer. The remainder of the Fedora branches already contain this fix.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.