Bug 1358184 (CVE-2016-5400) - CVE-2016-5400 kernel: memory leak in airspy usb driver
Summary: CVE-2016-5400 kernel: memory leak in airspy usb driver
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-5400
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20160720,reported=2...
Depends On: 1358186
Blocks: 1356381
TreeView+ depends on / blocked
 
Reported: 2016-07-20 09:20 UTC by Wade Mealing
Modified: 2019-06-08 21:20 UTC (History)
35 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host. An attacker can create an targeted USB device which can emulate 64 of these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.
Clone Of:
Environment:
Last Closed: 2016-09-26 04:10:12 UTC


Attachments (Terms of Use)

Description Wade Mealing 2016-07-20 09:20:43 UTC
A flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.

An attacker can create an targeted USB device which can emulate 64 of
these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.

Upstream patch:
https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742

Comment 1 Wade Mealing 2016-07-20 09:21:37 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1358186]

Comment 2 Wade Mealing 2016-07-20 09:27:43 UTC
Statement:

Red Hat Enterprise Linux is not affected by this flaw as this module is not available in shipping source code.

Comment 3 Wade Mealing 2016-07-20 09:31:31 UTC
Acknowledgements:

Red Hat would like to thank James Patrick-Evans for bringing this to our attention.

Comment 5 Justin M. Forbes 2016-07-20 14:52:24 UTC
Is there a fix posted anywhere? LKML wasn't copied it seems, and the mitre listing is still the default reserved text.

Comment 6 Wade Mealing 2016-07-25 00:45:51 UTC
Gday Justin,

At this time, the patch has been submitted to the maintainer ( https://git.linuxtv.org/media_tree.git/commit/?id=eca2d34b9d2ce70165a50510659838e28ca22742 ) and we are awaiting the submission upstream.

Thanks

Wade Mealing
Red Hat Product Security

Comment 7 Adam Mariš 2016-07-28 07:38:51 UTC
Is that patch really related to this issue? According to http://seclists.org/oss-sec/2016/q3/178 the following patch fixes this issue:

https://git.linuxtv.org/media_tree.git/commit/?id=aa93d1fee85c890a34f2510a310e55ee76a27848

Comment 8 Wade Mealing 2016-08-03 01:07:32 UTC
Yep, fixing.

Comment 9 Fedora Update System 2016-08-08 20:24:57 UTC
kernel-4.6.5-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-08-08 23:52:12 UTC
kernel-4.6.5-200.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.