In the Linux kernel, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1783460]
This is fixed for Fedora in the 5.3.12 stable kernel update.
To mitigate this issue, prevent module ff-memless from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:2104 https://access.redhat.com/errata/RHSA-2020:2104
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):