The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.

References:

https://groups.google.com/forum/#!msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ
https://patchwork.kernel.org/patch/10046189/

Upstream Fixes:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1cb7372fa822af6c06c8045963571d13ad6348b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1728ff617f88a1f7a5d8c8f21fe17a2f6af5d16
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1516274]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and real-time kernels. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux kernel-alt package. Future Linux kernel updates for the respective releases may address this issue.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948