A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.
An attacker can create an targeted USB device which can emulate 64 of
these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1358186]
Red Hat Enterprise Linux is not affected by this flaw as this module is not available in shipping source code.
Red Hat would like to thank James Patrick-Evans for bringing this to our attention.
Is there a fix posted anywhere? LKML wasn't copied it seems, and the mitre listing is still the default reserved text.
At this time, the patch has been submitted to the maintainer ( https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742 ) and we are awaiting the submission upstream.
Red Hat Product Security
Is that patch really related to this issue? According to http://seclists.org/oss-sec/2016/q3/178 the following patch fixes this issue:
kernel-4.6.5-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.6.5-200.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.