A use-after-free flaw was found in iowarrior_disconnect in iowarrior USB driver module were a flag was simultaneously modified causing a race between a device open and disconnect. This flaw could allow a physical attacker to cause a denial of service (DoS) attack. This vulnerability could even lead to a kernel information leak problem. References: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 http://seclists.org/oss-sec/2019/q4/115 http://www.openwall.com/lists/oss-security/2019/12/03/4 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.7 Upstream Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=edc4746f253d907d048de680a621e121517f484b https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c468a8aa790e0dfe0a7f8a39db282d39c2c00b46
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1783508]
This was fixed for Fedora in the 5.3.7 stable kernel update.
Mitigation: This flaw can be mitigated by preventing the affected USB IO-Warrior driver (iowarrior) kernel module from loading during the boot time, ensure the module is added into the blacklist file. ~~~ Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278 ~~~
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1578 https://access.redhat.com/errata/RHSA-2021:1578
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1739 https://access.redhat.com/errata/RHSA-2021:1739
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-19528