It was found that current implementation of kl5kusb105 driver failed to detect short transfers when attempting to read the line state and logged the content of the uninitialised heap transfer buffer. Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410 CVE assignment: http://seclists.org/oss-sec/2017/q1/161
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1416128]
This issue was fixed with the 4.9.5 stable release, currently available on all supported Fedora releases.
Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.