Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1358184 - (CVE-2016-5400) CVE-2016-5400 kernel: memory leak in airspy usb driver
CVE-2016-5400 kernel: memory leak in airspy usb driver
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20160720,reported=2...
: Security
Depends On: 1358186
Blocks: 1356381
  Show dependency treegraph
 
Reported: 2016-07-20 05:20 EDT by Wade Mealing
Modified: 2016-11-08 11:04 EST (History)
35 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host. An attacker can create an targeted USB device which can emulate 64 of these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-26 00:10:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Wade Mealing 2016-07-20 05:20:43 EDT 
A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.

An attacker can create an targeted USB device which can emulate 64 of
these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.

Upstream patch:
https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742
Comment 1 Wade Mealing 2016-07-20 05:21:37 EDT 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1358186]
Comment 2 Wade Mealing 2016-07-20 05:27:43 EDT 
Statement:

Red Hat Enterprise Linux is not affected by this flaw as this module is not available in shipping source code.
Comment 3 Wade Mealing 2016-07-20 05:31:31 EDT 
Acknowledgements:

Red Hat would like to thank James Patrick-Evans for bringing this to our attention.
Comment 5 Justin M. Forbes 2016-07-20 10:52:24 EDT 
Is there a fix posted anywhere? LKML wasn't copied it seems, and the mitre listing is still the default reserved text.
Comment 6 Wade Mealing 2016-07-24 20:45:51 EDT 
Gday Justin,

At this time, the patch has been submitted to the maintainer ( https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742 ) and we are awaiting the submission upstream.

Thanks

Wade Mealing
Red Hat Product Security
Comment 7 Adam Mariš 2016-07-28 03:38:51 EDT 
Is that patch really related to this issue? According to http://seclists.org/oss-sec/2016/q3/178 the following patch fixes this issue:

https://git.linuxtv.org/media_tree.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848
Comment 8 Wade Mealing 2016-08-02 21:07:32 EDT 
Yep, fixing.
Comment 9 Fedora Update System 2016-08-08 16:24:57 EDT 
kernel-4.6.5-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-08-08 19:52:12 EDT 
kernel-4.6.5-200.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.